Im curious if anyone has any advice, cautionary tales, or good examples about how to go about indexing data from a database, particularly an Access database.

Is it better to write it as a scripted input doing ODBC? This seems perfectly straightforward but I know Splunk's ExecProcessor get a little unhappy and even ornery when the script doesn't want to exit and I wonder if anyone's run into troubles here. In my case I'd need to pull in new rows from the DB at least every minute if not every 30 seconds and this seems more aggressive than most scripted inputs I've seen.

The other way that springs to mind is to write a little windows service that runs constantly and polls the DB every 30 seconds and sends the data over TCP to splunk. Which doesnt seem that hard either.

So anyway, i'm looking for any recommendations or examples or stories that you have.

the documentation talks about this a bit ( http://www.splunk.com/base/Documentation/4.1/AppManagement/DataSources#Example_of_tailing_database_i... )

and it's been mentioned on Answers ( http://answers.splunk.com/questions/2448/can-splunk-monitor-mssql-database-content )

and there is an app on splunkbase ( http://splunkbase.splunk.com/apps/All/3.x/app:Script+for+database+inputs )

but the app dates back to the 3.X days which scares me a bit cause MAN that was a long time ago.

Thanks in advance for any thoughts, recommendations, examples.