All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how can we configure multiple servers for a single index on Splunk

deeptha1992
New Member
‎01-31-2019 05:09 AM

I need to get data from more than 100 servers. every servers are standalone (there is no topology like one master and others are client.) I have created one connection with splunk DB connect app. But that will give data only from that connected server. How I can connect these every 100 + servers into one index?

0 Karma
Reply

deeptha1992
New Member
‎02-01-2019 12:06 AM

Thank you for your answers..

0 Karma
Reply

vishaltaneja070
Motivator
‎01-31-2019 05:51 AM

If it is really required, then you can do it with the help of configuration file as well. Which i think will be easy for you.

create new connection using db_connections.conf and identities.conf.

0 Karma
Reply

DMohn
Motivator
‎01-31-2019 05:18 AM

As tedious as this may sound - add DB connections for the other 100+ servers as well...

If you really need to run the same query on several dozens of (unconnected) DB servers, this might be the only reasonable solution. As long as we don't know which type of DB you are querying we can't tell if there might be some other, easier (non-splunk?) solution for this. But generally, you have to have one input per DB you are getting data from.

Maybe you don't have to set up each and every connection via the DBconnect UI, bur you can edit the config files directly, which - depending on the editor you are using - might be faster.

Please, keep one thing in mind when setting this up: DBConnect isn't the "cheapest" way of getting data into Splunk, from a system performance standpoint. So you might consider setting the query intervals in such a way that it spreads the load over some time, don't trigger all queries at once!

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...