All Apps and Add-ons

How does Splunk DB Connect work and does Splunk come with its own built-in database?

splunksurekha
Path Finder

Hi,

I want to know how SPlunk DB connect works in splunk.
Does Splunk come with its own built-in database?
Is it oracle/sql/db2 or its own language?
So do all the searches/reports get saved in the splunk db?

Thanks
Surekha

0 Karma

fdi01
Motivator

DB Connect how it works ?

Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.

DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.

DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.

for more information see this link:
http://docs.splunk.com/Documentation/DBX/2.0.0/DeployDBX/AboutSplunkDBConnect#What_can_DB_Connect_do...

0 Karma

gyslainlatsa
Motivator

hi following these stages,
splunk connection to any database: example MYSQL

1. Creation of the database
2. Installing a local server or server xampp or WampServer
3. import your database from the local server
4. settle in the Splunk SplunkDbConnect application and configure startup
   a) specify the path of jdk or jre in your machine by default was: C:\program Files \Java\jdk1.6.0 or C:\Program Files\ Java\ jre1.6.0
   b) Download and install mysql-connector-java-5.1.32-gpl
   c) go to the installation folder C:\Program File\ MySQL\MySQL Connector J
   d) copy to this directory the mysql-connector-java-5.1.32-bin.jar paste and go to C:\Program File\Splunk\etc\apps\dbx\bin\lib
   e) Then restart Splunk
5. After connection in splunk, you execute the implementation SplunkDbConnect
6. Then you click Database connections in Splunk Manager and click New and then fill in the boxes apparaisssent.
7. Name = name of the Data Base that you need and that will be recorded in splunk.
   Type = MySql DataBase
   Host = localhost
   UserName = Root
   DataBase = Name Creates base.
If necessary DatabaseTest.
   Then you click Fetch database names to see the catalog of Databases and select the one you want
8. Finally, you click Save.

or following this link: http://docs.splunk.com/Documentation/DBX

0 Karma

splunksurekha
Path Finder

Thanks you so much this information is of great help.

0 Karma

gyslainlatsa
Motivator

do not forget to vote then

0 Karma

NOUMSSI
Builder

Splunk DB Connect lets you enrich and combine your machine data with database data. You can use the app to configure database queries and lookups in minutes via the Splunk Web interface.

Splunk doesn't comes with its own inbuilt DB.

Splunk DB Connect tests and supports connection to these databases:
· DB2
· Microsoft SQL Server
· MySQL
· Oracle Database
· Sybase, Adaptive Server Enterprise version 15.7 Developer's Edition

You can also connect to these unsupported databases:
· Generic ODBC support
· H2
· HyperSQL
· PostgreSQL
· SQLite
Provide the necessary JDBC drivers to add your own database types.

The Splunk DB Connect app runs on Splunk 4.3 and later.
Note: Splunk DB Connect has not been tested and is not supported with Splunk Free.

MuS
SplunkTrust
SplunkTrust

Hi splunksurekha,

If you're talking about the DBX App which enables Splunk to connect to a DB; this is Java based and details can be found here http://docs.splunk.com/Documentation/DBX/2.0.0/DeployDBX/AboutSplunkDBConnect

Splunk itself is not a database and it uses no database to store events. The indexed events are stored in flat files.
You can find an overview of third party software used in Splunk here http://docs.splunk.com/Documentation/Splunk/6.2.2/ReleaseNotes/Credits

All queries for reports are saved as XML files, more details can you find here http://docs.splunk.com/Documentation/Splunk/6.2.2/AdvancedDev/Whatsinthismanual

Hope that helps ...

cheers, MuS

splunksurekha
Path Finder

Thanks you very much .
So if i install splundb app will it have any effect on my space and performance.
Should i give a completely new volume or server for only DB transactions.

0 Karma

MuS
SplunkTrust
SplunkTrust

Since I don't know your use case, I cannot tell you if it will impact your servers performance. Disk space should not be a problem since the app is not too big.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...