Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk DB Connect 3 authentication on MySQL adding...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk DB Connect 3 authentication on MySQL adding local Splunk server name in username
Splunk is injecting the splunk servename in the remote MySQL username field when trying to create a connection.
I have installed Splunk DB Connect ver 3.1.1
I have installed the MySQL database driver 5.1
I have configured an identity with a known working MySQL username and password
I try to create a new connection and when I hit save I get the error:
Access denied for user 'db_user'@'my_splunk_server.blah.com' (using password: YES)
Why is the app adding @my_splunk_server.blah.com on the username?
I looked at tcpdump on the remote MySQL server and it is communicating with the server correctly but it is passing the username of db_user'@'my_splunk_server.blah.com instead of just db_user.
I tried changing the JDBC URL to include ?user=db_user on the edit connections page but it didn't make any difference.
Splunk Enterprise 6.5.1
DB Connect version 3.1.1
db_connections.conf
[db1]
connection_type = mysql
database = my_database
disabled = 0
host = 10.10.10.12
identity = my_database
jdbcUseSSL = false
localTimezoneConversionEnabled = false
port = 3306
readonly = true
timezone = US/Eastern
identities.conf
[my_database]
disabled = 0
password = REDACTED
use_win_auth = 0
username = db_user
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This has to do with how MySQL handles user permission. When a user is created in MySQL, it is created with a connecting host to control which hosts a user can connect FROM. Because of this, when connecting to MySQL, the connection driver passes the username AND the host you are connecting from (as 'user'@'host'). In your MySQL database, check your users with permissions. Usually, if you are going to connect from multiple hosts with a user, you will need to specify that when you create the user in the database:
mysql> CREATE USER 'user'@'%' IDENTIFIED BY 'password';
In the example, you specify the '%' as a wildcard to denote the user will connect from multiple hosts. Alternatively, you can specify the specific host of dbconnect if your mysql database is more locked down.
I would check the 'user' table in the 'system' database on your MySQL instance to make sure your dbconnect user has the proper host assigned to it, or has the host wildcard assigned.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That did it for me thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running into this issue with latest DB Connect App too.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
