All Apps and Add-ons

Use dashboard with SQL database

MikeKulls
Path Finder

Is it possible to create a dashboard that gets all or some of its information from an SQL database? We find the dashboard to be an excellent tool but not all of our data is in Splunk.

Tags (1)
0 Karma
1 Solution

aelliott
Motivator

You can run queries directly from sql using the following (db connect)
dbquery command

http://docs.splunk.com/Documentation/DBX/1.1.1/DeployDBX/Commands

View solution in original post

0 Karma

aelliott
Motivator

You can run queries directly from sql using the following (db connect)
dbquery command

http://docs.splunk.com/Documentation/DBX/1.1.1/DeployDBX/Commands

0 Karma

billford
Path Finder

Yeah I can see your point. We treat things a little differently with our buckets.

0 Karma

billford
Path Finder

Well for what it's worth we do similar things with that sort of data and it works really well.

0 Karma

MikeKulls
Path Finder

I guess putting all of that data into Splunk is an option but I'm a bit concerned with overusing Splunk. It's not a relational database and I don't want to use it for cases where I should be using a rdbms. We have an 18 month turnaround for Splunk data and if I store topology information in Splunk things could get messy. eg, if I write a log every time something changes but an element doesn't change for 18 months then data will be lost. Also, searching very old data in Splunk can be slow.

0 Karma

billford
Path Finder

Yeah I would agree that could be neat. What kind of data is it?

0 Karma

MikeKulls
Path Finder

It's anything related a the workings of a large network. It could be performance data, alarms, fault reports, topology information

0 Karma

billford
Path Finder

Use dbconnect to get the data into Splunk and then dashboard it. Not sure you can do it directly but that's a really interesting feature request I think.

MikeKulls
Path Finder

Getting the data into Splunk isn't really a good option. Using SQL directly in the dashboard would be the bee's knees of features imo. I would like to see a large number of employees go to Splunk first thing in the morning to get an overview of what is working and what isn't. But not everything is in Splunk so SQL access would make this a complete solution. I could even see some dashboards getting all of their information from SQL or sources outside Splunk.

0 Karma
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...