I want to know how Splunk DB Connect works in Splunk.
Does Splunk come with its own built-in database?
Is it Oracle/SQL/DB2 or its own language?
So do all the searches/reports get saved in the Splunk DB?
How does DB Connect work?
Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.
DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.
DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.
For more information see this link:
Hi, follow these stages.
Splunk connection to any database, example: MySQL
1. Creation of the database
2. Installing a local server or server xampp or WampServer
3. Import your database from the local server
4. Settle in the Splunk SplunkDbConnect application and configure startup
   a) Specify the path of the jdk or jre on your machine; by default it was: C:\program Files\Java\jdk1.6.0 or C:\Program Files\Java\jre1.6.0
   b) Download and install mysql-connector-java-5.1.32-gpl
   c) Go to the installation folder C:\Program File\MySQL\MySQL Connector J
   d) Copy from this directory the mysql-connector-java-5.1.32-bin.jar, then go to C:\Program File\Splunk\etc\apps\dbx\bin\lib and paste it
   e) Then restart Splunk
5. After connection in Splunk, you execute the implementation SplunkDbConnect
6. Then you click Database connections in Splunk Manager and click New and then fill in the boxes that appear.
7. Name = name of the database that you need and that will be recorded in Splunk. Type = MySql DataBase Host = localhost UserName = Root DataBase = Name Creates base. If necessary DatabaseTest. Then you click Fetch database names to see the catalog of databases and select the one you want
8. Finally, you click Save.
Or follow this link: http://docs.splunk.com/Documentation/DBX
Thank you so much, this information is of great help.
Do not forget to vote then.
Splunk DB Connect lets you enrich and combine your machine data with database data. You can use the app to configure database queries and lookups in minutes via the Splunk Web interface.
Splunk doesn't come with its own inbuilt DB.
Splunk DB Connect tests and supports connection to these databases:
· Microsoft SQL Server
· Oracle Database
· Sybase, Adaptive Server Enterprise version 15.7 Developer's Edition
You can also connect to these unsupported databases:
· Generic ODBC support
Provide the necessary JDBC drivers to add your own database types.
The Splunk DB Connect app runs on Splunk 4.3 and later.
Note: Splunk DB Connect has not been tested and is not supported with Splunk Free.
If you're talking about the DBX App which enables Splunk to connect to a DB, this is Java based and details can be found here http://docs.splunk.com/Documentation/DBX/2.0.0/DeployDBX/AboutSplunkDBConnect
Splunk itself is not a database and it uses no database to store events. The indexed events are stored in flat files.
You can find an overview of third party software used in Splunk here http://docs.splunk.com/Documentation/Splunk/6.2.2/ReleaseNotes/Credits
All queries for reports are saved as XML files; you can find more details here http://docs.splunk.com/Documentation/Splunk/6.2.2/AdvancedDev/Whatsinthismanual
Hope that helps ...
Thank you very much.
So if I install the Splunk DB app, will it have any effect on my space and performance?
Should I give a completely new volume or server for only DB transactions?
Since I don't know your use case, I cannot tell you if it will impact your server's performance. Disk space should not be a problem since the app is not too big.