Solved: Real time database insertion from Splunk

ahmedhassanean · ‎09-22-2016

Dears,

may i know if there is any way to configure Splunk to insert Data into Database in real time using Db connect or any other method

thanks in advance

inventsekar · ‎09-22-2016

A couple of approaches :

1) The Splunk MYSQL connector includes a search command, mysqloutput, that you can use to insert or update records in a table in a MySQL database based on fields resulting from your Splunk search.

2) you could use one of the Developer SDKs, write a custom program to execute a Splunk search , process the XML/JSON/CSV result and roll this up into a SQL statement to insert/update tables in your database.

3) you could write your own custom search command , and insert this at the end of you search pipeline to insert/update your DB tables with Splunk search fields ie: index=foo sourcetype=goo | stats count by host | myCustomOutputToDBCommand

https://answers.splunk.com/answers/55134/automatically-forward-splunk-data-to-database.html

View solution in original post

inventsekar · ‎09-22-2016

A couple of approaches :

1) The Splunk MYSQL connector includes a search command, mysqloutput, that you can use to insert or update records in a table in a MySQL database based on fields resulting from your Splunk search.

2) you could use one of the Developer SDKs, write a custom program to execute a Splunk search , process the XML/JSON/CSV result and roll this up into a SQL statement to insert/update tables in your database.

3) you could write your own custom search command , and insert this at the end of you search pipeline to insert/update your DB tables with Splunk search fields ie: index=foo sourcetype=goo | stats count by host | myCustomOutputToDBCommand

https://answers.splunk.com/answers/55134/automatically-forward-splunk-data-to-database.html

Real time database insertion from Splunk

Introducing Splunk Enterprise Security 8.0!

Mastering Threat Hunting

Upcoming Community Maintenance: 10/28