Splunk is injecting the splunk servename in the remote MySQL username field when trying to create a connection.
I have installed Splunk DB Connect ver 3.1.1
I have installed the MySQL database driver 5.1
I have configured an identity with a known working MySQL username and password
I try to create a new connection and when I hit save I get the error:
Access denied for user 'db_user'@'my_splunk_server.blah.com' (using password: YES)
Why is the app adding @my_splunk_server.blah.com on the username?
I looked at tcpdump on the remote MySQL server and it is communicating with the server correctly but it is passing the username of db_user'@'my_splunk_server.blah.com instead of just db_user.
I tried changing the JDBC URL to include ?user=db_user on the edit connections page but it didn't make any difference.
Splunk Enterprise 6.5.1
DB Connect version 3.1.1
connection_type = mysql
database = my_database
disabled = 0
host = 10.10.10.12
identity = my_database
jdbcUseSSL = false
localTimezoneConversionEnabled = false
port = 3306
readonly = true
timezone = US/Eastern
disabled = 0
password = REDACTED
use_win_auth = 0
username = db_user
This has to do with how MySQL handles user permission. When a user is created in MySQL, it is created with a connecting host to control which hosts a user can connect FROM. Because of this, when connecting to MySQL, the connection driver passes the username AND the host you are connecting from (as 'user'@'host'). In your MySQL database, check your users with permissions. Usually, if you are going to connect from multiple hosts with a user, you will need to specify that when you create the user in the database:
mysql> CREATE USER 'user'@'%' IDENTIFIED BY 'password';
In the example, you specify the '%' as a wildcard to denote the user will connect from multiple hosts. Alternatively, you can specify the specific host of dbconnect if your mysql database is more locked down.
I would check the 'user' table in the 'system' database on your MySQL instance to make sure your dbconnect user has the proper host assigned to it, or has the host wildcard assigned.