Deployment Architecture

If we have database connectors set up in Splunk, can we create data models using database queries?

hkosuru
Explorer

Hello,

We have database connectors set up in Splunk to run database queries. Can you create Data Models using database queries?

Thanks,
Bindu

0 Karma

niemesrw
Path Finder

I'm not entirely sure what you're trying to do here, but we have done the following:

  1. use db connect and run sql query to dump out hashes of files detected by symantec (sql database)
  2. db connect populates an index=detected_hashes
  3. created CIM-compatible fields mapping the database fields to the inventory datamodel (inventory datamodel has constraint=detected_hashes)
  4. inventory datamodel can be queried to return information in the detected_hashes index

all DM commands (like acceleration) work fine.

0 Karma

muebel
SplunkTrust
SplunkTrust

you using db connect v1 or v2?

0 Karma

hkosuru
Explorer

currently using v1. planning to move to v2

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...