All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Issue with Microsoft SQL Server App

sushma7
Path Finder
‎01-16-2014 07:01 PM

Hi,

I had installed the Microsoft SQL app on the main splunk instance and also installed the corresponding add-ons on the universal forwarder machine, following the documentation, still the app is not showing SQL servers and it is not fetching data from it.

Thanks in advance for your help.

Regards,
Sushma.

0 Karma
Reply

amiracle
Splunk Employee
Splunk Employee
‎07-31-2014 01:58 PM

I figured this one out, finally. Here's what I did:
Windows Server 2008 R2 and Windows 2012 R2 - Open Powershell as Administrator

PS C:\>Get-Execution Policy

If it's Restricted, then do the following:

PS C:\>Set-Execution Policy Bypass

Say Yes to the Execution Policy Change.

Then run Get-ExecutionPolicy and see that it changed to Bypass:

PS C:\> Get-ExecutionPolicy
Bypass

Once you have that done, now you'll need to make one more change.

Open your SQL Server Management Studio and log in as sysadmin (sa). Go to Security ->Logins -> NT AUTHORITY\SYSTEM (Properties) and grant the user sysadmin Server Role. Apply the change and restart your Splunk service. (Thanks Adrian: http://answers.splunk.com/answers/108974/problem-with-powershell-and-splunk_for_sqlserver-app)

Once you have all these steps done, then go into the app and run the Lookup Table Rebuilder (Searches & Reports->Lookup Table Rebuilder)

Lastly, you can run the search: 

index=mssql | stats count, values(sourcetype) by host

You should see the following source types show up:

MSSQL:Database:Health
MSSQL:Host:Memory
MSSQL:Instance:Service
MSSQL:Instance:User
Powershell:ScriptExecutionSummary
0 Karma
Reply

FunPolice
Path Finder
‎06-09-2014 08:01 AM

Sushma,

The SQL app instructions don't include instructions for the other apps that you need - see http://answers.splunk.com/answers/101202/sql-server-splunk-app-does-not-show-any-servers for someone who is having the same problem. I'm still working through this myself, but at the very least you will need to ensure that powershell scripts can run.

On your SQL server:

  • Start a Powershell window as an administrator
  • Run "Get-ExecutionPolicy". You can see what the answer means at http://technet.microsoft.com/library/hh847748.aspx.
  • Run "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned (if that's suitable for you - I'm still testing)
  • Run "Get-ExecutionPolicy" again to confirm the change
  • Try running a script manually to see what happens (any script will do)
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...