All Apps and Add-ons
Highlighted

Is it possible to use Splunk DB Connect to search MongoDB?

Motivator

I'm using Splunk Enterprise (licensed) and i want to connect to an external MongoDB to search data stored there. I don't to want to index any of this data.
- I don't have a Hunk license. Can i still use the Hunk App for MongoDB?
- Is it viable to use Splunk DB connect?
Already looked into some posts here but most are almost 2 years old and some of the answers are not really enlightening on a good way to achieve this.

------------
Hope I was able to help you. If so, an upvote would be appreciated.
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Communicator

Hi diogofgm,

Looking at your question i stumbled across this:
https://answers.splunk.com/answers/89828/mongodb-and-splunk.html
http://www.unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk.pdf

i have not tried to query a mongoDB with splunk, but just from reading the docs:
http://docs.splunk.com/Documentation/DBX/2.3.1/DeployDBX/Supporteddatabases#Other_databases

In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. For more information, see Install drivers for other databases. 

I bet you can do the same with DBX 2 as referred in the pdf/answer above.

Maybe it helps

0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Contributor

DB Connect is not intended for searching databases, it's intended to pull data into Splunk for indexing. It doesn't allow you to just query a database and display it in the Splunk WebUI.

0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Legend

@nnmiller Splunk DB Connect 2 allows querying of database to be displayed in Splunk Web UI through DB Lookups Operations. Advantage is that it will not add to daily indexing volume, however, it will impact performance of Database as they will be queried directly through Splunk.

Having said that MongoDB is not listed in supported DBs for DB Connect 2 app. http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Supporteddatabases

Hunk App for MongoDB seems to be only possibility for this. However, it is better to check with Splunk representatives on Licensing/cost.




| eval message="Happy Splunking!!!"


0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

SplunkTrust
SplunkTrust

The answer is simple and it's listed on the overview of the dbconnect app:

Splunk DB Connect is the best solution for working with databases from Splunk. It can help you quickly integrate structured data sources with your Splunk real-time machine data collection. Supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, and Teradata.

https://splunkbase.splunk.com/app/2686/

It wouldnt be too hard to write a custom search command to do this however. In fact, there is a curl command in "JKat's Toolkit" found here: https://splunkbase.splunk.com/app/3265/.

Such a command could be modified to search just mongodb but as I understand it, mongodb is just a RESTful / API driven DB store. You should be able to use that curl command just fine.

0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Contributor

There isn't a curl command in JKat's toolkit (jkats-toolkit_006) since December 2016. There are only the commands motd, decimaltoip, and randomint. The curl and urlencode commands have moved to TA-Webtools (https://splunkbase.splunk.com/app/3420/).

0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Splunk Employee
Splunk Employee

I was working with the Unity JDBC driver ( http://www.unityjdbc.com/mongojdbc/mongo_jdbc.php ) and got DB Connect to work with MongoDB using this stanza
[mongo2]
displayName = MongoDB2
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
jdbcUrlFormat = jdbc:mongodb:// < host > : < port > / < database >

jdbcDriverClass = mongodb.jdbc.MongoDriver
port = 27017

View solution in original post

Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Motivator

Sorry on the delay.. but haven't been around the place to test this! It works. Thanks

------------
Hope I was able to help you. If so, an upvote would be appreciated.
0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

New Member

hi foloow the steps but still all searches return empty (and no collections return to the data lab )

0 Karma
Highlighted

Re: Is it possible to use Splunk DB Connect to search MongoDB?

Explorer

How do you install jdbc drivers for mongodb? I copied jar file mongo-java-driver-3.7.1.jar to $SPLUNKHOME/etc/apps/splunkappdbconnect/drivers directory but I still see below errors. My DB connect version is 3.1.2

action=loaddrivers Can not load any driver from files [$SPLUNKHOME/etc/apps/splunkappdb_connect/drivers/mongo-java-driver-3.7.1.jar]

0 Karma