Anyone using Splunk for SCCM reporting, if so, any advice or must-have applications? Does DB Connect support T-SQL? WQL to SQL is a Microsoft translation through SCCM and we'd like to use Splunk instead of the report builder. Currently using the DB Connect Splunk app and connected to a CAS.
How to you integrate SCCM log to Splunk, do you have any sample on how to modify the config file?
I was able to pull raw SCCM logs via a UF installed on the SCCM server. But, I don't actually use them for anything. After a lot of difficulty I was also able to query our SCCM SQL server via DBConnect.
I used DBConnect to interface with the ConfigMgr data store.
More specifically, I use DBQuery to maintain a lookup file having most commonly referenced configuration manager client data such as name, domain, model, osname, osversion, adsitename, ipaddress, serial, etc.
More More specifically, what I do is schedule a report with | dbquery
search | lookup cmClientAttributes host as name0 OUTPUT
works for me
have fun
I know it's been five years and this is a long shot but if you remember... how did you set up DBconnect to interface with configmgr?
The following article contains a list of views of interest in ConfigMgr:
http://gallery.technet.microsoft.com/SCCM-Configmgr-2012-R2-SQL-5fefdd3b
As for a sample query:
| dbquery [connectionName] "SELECT * FROM v_R_System"
Example sql statement? I'm connected with DB Connect but having trouble getting results.