All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Splunk for SQL stored procedures
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk for SQL stored procedures
anshu2812
Explorer
02-05-2013
06:27 AM
Hi,
I have a bunch of stored procedures in SQL which need to run at a particular interval and return results (They basically look for issues in different SQL tables). I need to create and alert based on the collated results of all stored procedures and send them to a group of people. I was thinking of using Splunk DB Connect for this but it seems it is currently not meant for distributed architecture (as it runs from Search head directly) alos our datbase tables being high transaction tables it might lead to issues in scalability.
Other option what I could think of to run stored procedures in sequence and forward XML results to indexers. While firing the alerts we can use xml-kv to extract fields and use multisearch in Splunk 5 to collate different results and fire alerts based on timestamp. Is this the correct approach?
Do we have any other example/app out of the box which I can use for my requirement? Any other approach also would be helpful which is not expensive as I read xml-kv is an expensive (load wise) operation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jodros
Builder
07-30-2014
02:56 PM
Splunk DB Connect can run on a searchhead pool and send data to indexer servers. We are doing this currently. Also, you do not need to actually index data from a database to create alerts. DB Connect can simply search against a database (as if the data were residing on indexers) and alert just the same.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pmdba
Builder
07-30-2014
01:45 PM
I realize this post hasn't been active for a while, but in case anyone else is looking for similar answers, try this: http://apps.splunk.com/app/1538. There are explanations on how to use the Oracle UTL_TCP functions to send data directly to Splunk.
In this particular case, if generating alerts is the only object then it may make sense to generate them directly out of Oracle using the UTL_MAIL or UTL_SMTP packages. If there are other reasons to index the data (like reporting historical trends in alerts or transaction rates), then generating the alerts out of Splunk makes more sense.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
eashwar
Communicator
05-15-2013
01:34 AM
hello please update the answer, i am looking to do the same
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
