Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are there any good examples or recommendations on how to index data from an Access database?

sideview
SplunkTrust
SplunkTrust
‎11-18-2010 08:41 PM

Im curious if anyone has any advice, cautionary tales, or good examples about how to go about indexing data from a database, particularly an Access database.

Is it better to write it as a scripted input doing ODBC? This seems perfectly straightforward but I know Splunk's ExecProcessor get a little unhappy and even ornery when the script doesn't want to exit and I wonder if anyone's run into troubles here. In my case I'd need to pull in new rows from the DB at least every minute if not every 30 seconds and this seems more aggressive than most scripted inputs I've seen.

The other way that springs to mind is to write a little windows service that runs constantly and polls the DB every 30 seconds and sends the data over TCP to splunk. Which doesnt seem that hard either.

So anyway, i'm looking for any recommendations or examples or stories that you have.

the documentation talks about this a bit ( http://www.splunk.com/base/Documentation/4.1/AppManagement/DataSources#Example_of_tailing_database_i... )

and it's been mentioned on Answers ( http://answers.splunk.com/questions/2448/can-splunk-monitor-mssql-database-content )

and there is an app on splunkbase ( http://splunkbase.splunk.com/apps/All/3.x/app:Script+for+database+inputs )

but the app dates back to the 3.X days which scares me a bit cause MAN that was a long time ago.

Thanks in advance for any thoughts, recommendations, examples.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎11-18-2010 10:39 PM

Writing your own Windows service seems like more trouble than it's worth.

Personally I'd start with the scripted input approach, and just build in timers to shut the process down if that proves to be a concern.

If that's not robust enough and you're willing to spend a little bit of money, Adiscon's Monitorware agent will do database polling and write new records out to syslog (or I think to flat files).

View solution in original post

Reply
Solved! Jump to solution
Solution

southeringtonp
Motivator
‎11-18-2010 10:39 PM

Writing your own Windows service seems like more trouble than it's worth.

Personally I'd start with the scripted input approach, and just build in timers to shut the process down if that proves to be a concern.

If that's not robust enough and you're willing to spend a little bit of money, Adiscon's Monitorware agent will do database polling and write new records out to syslog (or I think to flat files).

Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...