All Apps and Add-ons

can DB connect be used to connect to RDS instances (oracle, MySQL and MSSQL), if so is there any documentation detailing the steps of integration.

soumyasaha2506
Loves-to-Learn

can DB connect be used to connect to RDS instances (oracle, MySQL and MSSQL), if so is there any documentation detailing the steps of integration.
i am currently looking at multiple DB instances that are on RDS. I want to integrate the authentication and audit related logs of these databases to be sent to splunk for security use cases.
Later, i might also be interested in other data from the db instances.

Currently i am unable to find any information on the integration, wondering if db connect can do it, if so once the connection is setup do i have to run the query similar to how i did for regular db instances or is there something different for RDS.

0 Karma

niketn
Legend

@soumyasaha2506, as suggested by @jcoates on #dbconnect on slack please configure them same way you do any Database connection. Just provide the Connection URL and Port

You would need to lookup AWS Documentation for JDBC URL (for example for Oracle): https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.html

Or for SQL Server: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jlvix1
Communicator

Sorry what do you mean by RDS? Remote Desktop Services? If you mean RDB (Relational DataBase) then the answer is yes, you can connect to all three of those, it's tricky learning how to but there are lots of examples kicking about, as well as your ability to investigate third party apps that use DB connector, I learned how to use it via reverse engineering the Mcafee app.

There are different ways to harvest DB data and this would relate to the result sets of the queries, so for example scalar queries will return a single value, tabular will return rows that come in to Splunk, or perhaps you can tell DB connector to download/sync a table regularly. It's something you will need to master, but typically you run SQL commands against the servers as a client would.

0 Karma

soumyasaha2506
Loves-to-Learn

by RDS i mean Amazon Relational Database Service (https://aws.amazon.com/rds/).
As per Wikipedia- "It is a web service running "in the cloud" designed to simplify the setup, operation, and scaling of a relational database for use in applications. Complex administration processes like patching the database software, backing up databases and enabling point-in-time recovery are managed automatically. Scaling storage and compute resources can be performed by a single API call."

My bad should have mentioned in the question itself.

EDIT: Added a snippet of wikipedia explanation of RDS. Hope it helps

0 Karma

jlvix1
Communicator

You should check compatibility then for DB connector, this is clearly defined.

Lots of the AWS stuff is REST enabled so failing the DB connector, look towards the REST connector in splunk - but beware you will be starting from scratch, you may end up creating a new component based on that! Please share if you do :).

cheers

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...