I'm just beginning the process of getting Splunk DB Connect and Splunk Cloud working together. I've read the docs, but I'm having a hard time understanding how to get this to work with Splunk Cloud. Could someone put together a list of steps to get it installed and running? Conceptual steps would be ok, just something that I can try to wrap my head around.
To run DB Connect you need a full Splunk Enterprise install.
Your data should then be sent to the cloud and you can start playing with it.
Here's the dbconnect guide, if you follow it step by step, you'll be fine.
Hope this helps
Yeah, you will still need an on-premise installation of Splunk Enterprise to act as a Heavy Forwarder. See steps 2 and 3.
A universal forwarder is a different binary and cannot run DB Connect; a Heavy Forwarder is literally just a full install of Splunk Enterprise, but configured to act as a forwarder.
Note: I'm making the assumption here that you wouldn't want to query your local Oracle databases from your Cloud environment...
A few reasons, but it purely depends on your security model and types of queries. Firstly, you'd probably have to create firewall rules to expose your Oracle port to the internet; I wouldn't recommend this at all. Secondly, SQL queries can return huge datasets; depending on your bandwidth, this setup could be unbearably slow. I strongly recommend you follow the steps above and query your database using a local install of DBConnect, then send the data to the cloud.
This is an Oracle DB
I have DB connect installed on the Splunk Cloud side already
Things I'm having a hard time with:
Do I use the UF on the DB server itself? If so, how do I get that configured?
If the UF isn't used, what is?