
How does Splunk DB Connect work and does Splunk come with its own built-in database?



I want to know how Splunk DB Connect works in Splunk.
Does Splunk come with its own built-in database?
Is it Oracle/SQL/DB2 or its own language?
So do all the searches/reports get saved in the Splunk DB?


0 Karma


How DB Connect works:

Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.

DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.

DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.

For more information, see this link:

0 Karma


Hi, follow these steps to connect Splunk to any database (example: MySQL):

1. Create the database.
2. Install a local server such as XAMPP or WampServer.
3. Import your database from the local server.
4. Install the Splunk DB Connect application in Splunk and configure startup:
   a) Specify the path of the JDK or JRE on your machine; by default it is C:\Program Files\Java\jdk1.6.0 or C:\Program Files\Java\jre1.6.0
   b) Download and install mysql-connector-java-5.1.32-gpl
   c) Go to the installation folder C:\Program Files\MySQL\MySQL Connector J
   d) Copy mysql-connector-java-5.1.32-bin.jar from this directory and paste it into C:\Program Files\Splunk\etc\apps\dbx\bin\lib
   e) Then restart Splunk
5. After logging in to Splunk, run the Splunk DB Connect application.
6. Then click Database connections in Splunk Manager, click New, and fill in the boxes that appear.
7. Name = name of the database that you need and that will be recorded in Splunk.
   Type = MySQL Database
   Host = localhost
   UserName = Root
   Database = name of the database you created.
   If necessary, DatabaseTest.
   Then click Fetch database names to see the catalog of databases and select the one you want.
8. Finally, click Save.

Or follow this link:

0 Karma
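
The steps above connect with UserName = Root; as an added example that is not part of the original thread, here is a dedicated MySQL account scoped to what DB Connect's imports, lookups and outputs need. The database, table and account names are hypothetical, and it assumes outputs only insert rows.

```sql
-- Added example, not from the original thread. Hypothetical names:
-- database appdb, tables orders / splunk_output, accounts dbx_reader / dbx_writer.
-- Run as a MySQL administrator and replace the CHANGE_ME placeholders.

-- Constructed sample schema so the grants below have objects to attach to.
CREATE DATABASE IF NOT EXISTS appdb;
CREATE TABLE IF NOT EXISTS appdb.orders (
    id         INT PRIMARY KEY,
    customer   VARCHAR(64),
    created_at DATETIME
);
CREATE TABLE IF NOT EXISTS appdb.splunk_output (
    event_time DATETIME,
    host       VARCHAR(128),
    message    TEXT
);

-- Imports and lookups only read, so this account gets SELECT on one table.
-- 'localhost' matches the Host value used in the steps above.
CREATE USER 'dbx_reader'@'localhost' IDENTIFIED BY 'CHANGE_ME_reader';
GRANT SELECT ON appdb.orders TO 'dbx_reader'@'localhost';

-- Outputs write back to the database: a separate account that can only
-- insert into the single table Splunk fields are mapped to (assumption:
-- the output never updates or deletes existing rows).
CREATE USER 'dbx_writer'@'localhost' IDENTIFIED BY 'CHANGE_ME_writer';
GRANT INSERT ON appdb.splunk_output TO 'dbx_writer'@'localhost';

-- Check 1: each account should list USAGE plus exactly one table-level grant.
SHOW GRANTS FOR 'dbx_reader'@'localhost';
SHOW GRANTS FOR 'dbx_writer'@'localhost';

-- Check 2: neither account holds a global privilege. The only rows
-- returned should have privilege_type = 'USAGE'.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee IN ('''dbx_reader''@''localhost''',
                  '''dbx_writer''@''localhost''');
```

Use dbx_reader in the UserName box for connections that feed inputs and lookups, and dbx_writer only for the connection used by outputs.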


Thank you so much, this information is of great help.

0 Karma


Do not forget to vote, then.

0 Karma


Splunk DB Connect lets you enrich and combine your machine data with database data. You can use the app to configure database queries and lookups in minutes via the Splunk Web interface.

Splunk doesn't come with its own inbuilt DB.

Splunk DB Connect tests and supports connection to these databases:
· DB2
· Microsoft SQL Server
· Oracle Database
· Sybase, Adaptive Server Enterprise version 15.7 Developer's Edition

You can also connect to these unsupported databases:
· Generic ODBC support
· H2
· HyperSQL
· PostgreSQL
· SQLite
Provide the necessary JDBC drivers to add your own database types.

The Splunk DB Connect app runs on Splunk 4.3 and later.
Note: Splunk DB Connect has not been tested and is not supported with Splunk Free.


Hi splunksurekha,

If you're talking about the DBX App, which enables Splunk to connect to a DB, this is Java-based and details can be found here

Splunk itself is not a database and it uses no database to store events. The indexed events are stored in flat files.
You can find an overview of third party software used in Splunk here

All queries for reports are saved as XML files; you can find more details here

Hope that helps ...

cheers, MuS


Thank you very much.
So if I install the Splunk DB app, will it have any effect on my space and performance?
Should I give a completely new volume or server for only DB transactions?

0 Karma


Since I don't know your use case, I cannot tell you if it will impact your server's performance. Disk space should not be a problem since the app is not too big.

0 Karma