Deployment Architecture

Do we have to have a mixed account to be able to connect to an external MSSQL database?

cogrunc
New Member

We experienced an issue regarding connecting splunk with mssql databases. When we try to add a mssql database, the external database adding page gets irresponsive and gives a message at the top of this page like "splunk server may be down".

Do we have to have a mixed account to be able to connect to an external MSSQL database?

0 Karma

jkat54
SplunkTrust
SplunkTrust

If by mixed account you mean an account who has 'nix GID and windows ID... the answer is no. The username/pass for the database server should be the windows domain user/pass.

First thing to do is the troubleshooting section: http://docs.splunk.com/Documentation/DBX/1.2.2/DeployDBX/Troubleshoot

Make sure you select your appropriate version. I gave link to 1.2.2, you can change the version in upper-ish right-ish corner of the page. You might also like to review the "enhanced" troubleshooting section of version 2 because they got into more driver troubleshooting, etc. in the latest documents (not all will apply but might help).

It for sure sounds like a timeout issue. So I would start by putting dbx into debug mode (covered in the link). Then I would check index=_internal log_level=ERR* OR log_level=WARN*. Post any errors and warnings related to db connect as comments.

Finally, you can telnet to test port 1433 is open, check error logs on the sql server, and many more things. It might take a while but we'd be happy to help you if you've got the time to update this post.

Here's a link for troubleshooting SQL TCP/IP Port Setup/etc.: https://support.microsoft.com/en-us/kb/823938

Note that in windows 2010+ and I've even seen in it 2008 i believe... the TCP/IP SQL configuration has new options. You have to enable TCP/IP on the instance, and also on the IPv4 address under advanced properties.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Are you using dbconnect? If so, which version 1 or 2? If not, how are you trying to connect splunk to the external db?

0 Karma

cogrunc
New Member

Hi @jkat54

I forgot to specify the version of dbconnect. I am using dbconnect v1.

Thanks for your reply.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...