Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Do we have to have a mixed account to be able to connect to an external MSSQL database?

cogrunc
New Member
‎01-04-2016 05:59 AM

We experienced an issue regarding connecting splunk with mssql databases. When we try to add a mssql database, the external database adding page gets irresponsive and gives a message at the top of this page like "splunk server may be down".

Do we have to have a mixed account to be able to connect to an external MSSQL database?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎01-05-2016 04:19 AM

If by mixed account you mean an account who has 'nix GID and windows ID... the answer is no. The username/pass for the database server should be the windows domain user/pass.

First thing to do is the troubleshooting section: http://docs.splunk.com/Documentation/DBX/1.2.2/DeployDBX/Troubleshoot

Make sure you select your appropriate version. I gave link to 1.2.2, you can change the version in upper-ish right-ish corner of the page. You might also like to review the "enhanced" troubleshooting section of version 2 because they got into more driver troubleshooting, etc. in the latest documents (not all will apply but might help).

It for sure sounds like a timeout issue. So I would start by putting dbx into debug mode (covered in the link). Then I would check index=_internal log_level=ERR* OR log_level=WARN*. Post any errors and warnings related to db connect as comments.

Finally, you can telnet to test port 1433 is open, check error logs on the sql server, and many more things. It might take a while but we'd be happy to help you if you've got the time to update this post.

Here's a link for troubleshooting SQL TCP/IP Port Setup/etc.: https://support.microsoft.com/en-us/kb/823938

Note that in windows 2010+ and I've even seen in it 2008 i believe... the TCP/IP SQL configuration has new options. You have to enable TCP/IP on the instance, and also on the IPv4 address under advanced properties.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎01-04-2016 09:21 AM

Are you using dbconnect? If so, which version 1 or 2? If not, how are you trying to connect splunk to the external db?

0 Karma
Reply

cogrunc
New Member
‎01-05-2016 03:34 AM

Hi @jkat54

I forgot to specify the version of dbconnect. I am using dbconnect v1.

Thanks for your reply.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...