Solved: Re: Is it possible to use Splunk DB Connect to sea...

diogofgm · ‎11-04-2016

I'm using Splunk Enterprise (licensed) and i want to connect to an external MongoDB to search data stored there. I don't to want to index any of this data.
- I don't have a Hunk license. Can i still use the Hunk App for MongoDB?
- Is it viable to use Splunk DB connect?
Already looked into some posts here but most are almost 2 years old and some of the answers are not really enlightening on a good way to achieve this.

------------
Hope I was able to help you. If so, some karma would be appreciated.

rdagan_splunk · ‎11-22-2016

I was working with the Unity JDBC driver ( http://www.unityjdbc.com/mongojdbc/mongo_jdbc.php ) and got DB Connect to work with MongoDB using this stanza
[mongo2]
displayName = MongoDB2
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
jdbcUrlFormat = jdbc:mongodb:// < host > : < port > / < database >

jdbcDriverClass = mongodb.jdbc.MongoDriver
port = 27017

View solution in original post

rdagan_splunk · ‎11-22-2016

I was working with the Unity JDBC driver ( http://www.unityjdbc.com/mongojdbc/mongo_jdbc.php ) and got DB Connect to work with MongoDB using this stanza
[mongo2]
displayName = MongoDB2
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
jdbcUrlFormat = jdbc:mongodb:// < host > : < port > / < database >

jdbcDriverClass = mongodb.jdbc.MongoDriver
port = 27017

kc64645 · ‎06-19-2018

How do you install jdbc drivers for mongodb? I copied jar file mongo-java-driver-3.7.1.jar to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory but I still see below errors. My DB connect version is 3.1.2

action=load_drivers Can not load any driver from files [$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/mongo-java-driver-3.7.1.jar]

bestSplunker · ‎06-10-2019

@kc64645 plase download mongodb_unityjdbc_full.jar, https://raw.githubusercontent.com/michaelloliveira/traccar-mongodb/master/lib/mongodb_unityjdbc_full...

diogofgm · ‎01-16-2017

Sorry on the delay.. but haven't been around the place to test this! It works. Thanks

------------
Hope I was able to help you. If so, some karma would be appreciated.

barakharyati1 · ‎01-24-2018

hi foloow the steps but still all searches return empty (and no collections return to the data lab )

jkat54 · ‎11-07-2016

The answer is simple and it's listed on the overview of the dbconnect app:

Splunk DB Connect is the best solution for working with databases from Splunk. It can help you quickly integrate structured data sources with your Splunk real-time machine data collection. Supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, and Teradata.

https://splunkbase.splunk.com/app/2686/

It wouldnt be too hard to write a custom search command to do this however. In fact, there is a curl command in "JKat's Toolkit" found here: https://splunkbase.splunk.com/app/3265/.

Such a command could be modified to search just mongodb but as I understand it, mongodb is just a RESTful / API driven DB store. You should be able to use that curl command just fine.

DUThibault · ‎04-30-2018

There isn't a curl command in JKat's toolkit (jkats-toolkit_006) since December 2016. There are only the commands motd, decimaltoip, and randomint. The curl and urlencode commands have moved to TA-Webtools (https://splunkbase.splunk.com/app/3420/).

hgrow · ‎11-04-2016

Hi diogofgm,

Looking at your question i stumbled across this:
https://answers.splunk.com/answers/89828/mongodb-and-splunk.html
http://www.unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk.pdf

i have not tried to query a mongoDB with splunk, but just from reading the docs:
http://docs.splunk.com/Documentation/DBX/2.3.1/DeployDBX/Supporteddatabases#Other_databases

In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. For more information, see Install drivers for other databases.

I bet you can do the same with DBX 2 as referred in the pdf/answer above.

Maybe it helps

nnmiller · ‎11-04-2016

DB Connect is not intended for searching databases, it's intended to pull data into Splunk for indexing. It doesn't allow you to just query a database and display it in the Splunk WebUI.

niketn · ‎11-07-2016

@nnmiller Splunk DB Connect 2 allows querying of database to be displayed in Splunk Web UI through DB Lookups Operations. Advantage is that it will not add to daily indexing volume, however, it will impact performance of Database as they will be queried directly through Splunk.

Having said that MongoDB is not listed in supported DBs for DB Connect 2 app. http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Supporteddatabases

Hunk App for MongoDB seems to be only possibility for this. However, it is better to check with Splunk representatives on Licensing/cost.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Is it possible to use Splunk DB Connect to search MongoDB?

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...