All Apps and Add-ons

Splunk Add-On for Oracle Database

mikemartin3doj
New Member

We have installed the Splunk Add-on for Oracle Database on the Universal Forwarder that is running on our database server. The database is sending the audit log to .xml files. We have set up the inputs.conf to monitor the audit log directory. The events are being sent to the correct index, I can see them in a search. However, the events are still not being parsed correctly. Is there any other configurations I need to do on the universal forwarder to get the events parsed correctly? Is there anything we need to do to get this working? We cannot use DBConnect to grab the logs due to legacy database issues.

Thanks in advance.

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

The add-on should also be installed on the indexers and search heads (with inputs disabled).

Putting the add-on on the UF defines the input, but then the indexer and search head don't know what to do with the data.
Installing the add-on on the indexer tells it how to parse timestamps and extract fields at index time.
Installing the add-on on the SH tells it how to perform search-time extractions.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The add-on should also be installed on the indexers and search heads (with inputs disabled).

Putting the add-on on the UF defines the input, but then the indexer and search head don't know what to do with the data.
Installing the add-on on the indexer tells it how to parse timestamps and extract fields at index time.
Installing the add-on on the SH tells it how to perform search-time extractions.

---
If this reply helps you, Karma would be appreciated.
0 Karma

mikemartin3doj
New Member

Thank you. We don't control the Indexers and Search Heads, so I hope we can get our Splunk admins to install it.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...