Re: Adding large number of databases to DB Connect

theouhuios · ‎02-03-2014

Hello

Has anyone of you faced an issue where you had to add 300-500 DB Connections to DB Connect? If you did , did you use any easy method to solve it rather than adding each one of them manually? Please let me know if there is any better way to do it rather than adding it manually.

Update:

I am using the database.conf to do this as of now. But would like to know if there is a way to automate the part where splunk can update the conf file with all necessary parameters in case a new Database is being stood up. This can either be from a FAT file or from a DNS entry or by using a OID.

araitz · ‎02-06-2014

You could automate this via scripting calls to Splunk's REST API to create connections, but the details are far beyond the scope of what is possible via this answer.

araitz · ‎02-06-2014

The Splunk REST API is pretty nuanced. In short, you make a GET request to /services/admin/databases/_new to get the required and optional fields. Then, to create a new database, you would POST to /services/admin/databases with the required and optional fields you want in the payload of the POST (aka postargs).

Note that this is just a workaround for automation, and that the REST interface for DB Connect could change in future versions.

theouhuios · ‎02-06-2014

Would you suggest making REST API calls based on OID ?

Adding large number of databases to DB Connect

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life