Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

If we have database connectors set up in Splunk, can we create data models using database queries?

hkosuru
Explorer
‎04-15-2016 07:46 AM

Hello,

We have database connectors set up in Splunk to run database queries. Can you create Data Models using database queries?

Thanks,
Bindu

0 Karma
Reply

niemesrw
Path Finder
‎04-18-2016 08:51 PM

I'm not entirely sure what you're trying to do here, but we have done the following:

  1. use db connect and run sql query to dump out hashes of files detected by symantec (sql database)
  2. db connect populates an index=detected_hashes
  3. created CIM-compatible fields mapping the database fields to the inventory datamodel (inventory datamodel has constraint=detected_hashes)
  4. inventory datamodel can be queried to return information in the detected_hashes index

all DM commands (like acceleration) work fine.

0 Karma
Reply

muebel
SplunkTrust
SplunkTrust
‎04-15-2016 02:16 PM

you using db connect v1 or v2?

0 Karma
Reply

hkosuru
Explorer
‎04-15-2016 05:36 PM

currently using v1. planning to move to v2

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top