Archive
Highlighted

Adding large number of databases to DB Connect

Motivator

Hello

Has anyone of you faced an issue where you had to add 300-500 DB Connections to DB Connect? If you did , did you use any easy method to solve it rather than adding each one of them manually? Please let me know if there is any better way to do it rather than adding it manually.

Update:

I am using the database.conf to do this as of now. But would like to know if there is a way to automate the part where splunk can update the conf file with all necessary parameters in case a new Database is being stood up. This can either be from a FAT file or from a DNS entry or by using a OID.

Highlighted

Re: Adding large number of databases to DB Connect

Splunk Employee
Splunk Employee

You could automate this via scripting calls to Splunk's REST API to create connections, but the details are far beyond the scope of what is possible via this answer.

Highlighted

Re: Adding large number of databases to DB Connect

Motivator

Would you suggest making REST API calls based on OID ?

0 Karma
Highlighted

Re: Adding large number of databases to DB Connect

Splunk Employee
Splunk Employee

The Splunk REST API is pretty nuanced. In short, you make a GET request to /services/admin/databases/_new to get the required and optional fields. Then, to create a new database, you would POST to /services/admin/databases with the required and optional fields you want in the payload of the POST (aka postargs).

Note that this is just a workaround for automation, and that the REST interface for DB Connect could change in future versions.

0 Karma