Getting Data In

Are there any good examples or recommendations on how to index data from an Access database?

sideview
SplunkTrust

I'm curious if anyone has any advice, cautionary tales, or good examples about how to go about indexing data from a database, particularly an Access database.

Is it better to write it as a scripted input doing ODBC? This seems perfectly straightforward but I know Splunk's ExecProcessor gets a little unhappy and even ornery when the script doesn't want to exit and I wonder if anyone's run into troubles here. In my case I'd need to pull in new rows from the DB at least every minute if not every 30 seconds and this seems more aggressive than most scripted inputs I've seen.

The other way that springs to mind is to write a little Windows service that runs constantly and polls the DB every 30 seconds and sends the data over TCP to Splunk. Which doesn't seem that hard either.

So anyway, I'm looking for any recommendations or examples or stories that you have.

The documentation talks about this a bit ( http://www.splunk.com/base/Documentation/4.1/AppManagement/DataSources#Example_of_tailing_database_i... )

and it's been mentioned on Answers ( http://answers.splunk.com/questions/2448/can-splunk-monitor-mssql-database-content )

and there is an app on splunkbase ( http://splunkbase.splunk.com/apps/All/3.x/app:Script+for+database+inputs )

but the app dates back to the 3.X days which scares me a bit cause MAN that was a long time ago.

Thanks in advance for any thoughts, recommendations, examples.

0 Karma
1 Solution

southeringtonp
Motivator

Writing your own Windows service seems like more trouble than it's worth.

Personally I'd start with the scripted input approach, and just build in timers to shut the process down if that proves to be a concern.

If that's not robust enough and you're willing to spend a little bit of money, Adiscon's Monitorware agent will do database polling and write new records out to syslog (or I think to flat files).
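A sketch of the scripted-input approach with a built-in timer, added here as an example and not code from this thread or from Splunk: each run emits only rows newer than a saved checkpoint and returns once a runtime budget is spent, so the process always exits. SQLite stands in for the ODBC connection (a DB-API driver such as pyodbc takes the same `?` placeholders), and the table, column and checkpoint-file names are assumptions.

```python
import json
import os
import sqlite3
import sys
import tempfile
import time

def load_checkpoint(path):
    """Return the last row id already emitted (0 on first run or bad file)."""
    try:
        with open(path) as fh:
            return int(json.load(fh)["last_id"])
    except (OSError, ValueError, KeyError, TypeError):
        return 0

def save_checkpoint(path, last_id):
    """Write a temp file, then rename, so a killed run never leaves a torn file."""
    with open(path + ".tmp", "w") as fh:
        json.dump({"last_id": last_id}, fh)
    os.replace(path + ".tmp", path)

def poll_once(conn, ckpt, out=sys.stdout, max_runtime=20.0, batch=500):
    """Emit rows newer than the checkpoint; stop at the deadline, resume next run."""
    deadline = time.monotonic() + max_runtime  # assumed budget, under the 30 s interval
    last_id, emitted = load_checkpoint(ckpt), 0
    cur = conn.cursor()
    # Assumed schema: events(id, ts, msg) with a monotonically increasing id.
    cur.execute("SELECT id, ts, msg FROM events WHERE id > ? ORDER BY id", (last_id,))
    while time.monotonic() < deadline:
        rows = cur.fetchmany(batch)
        if not rows:
            break
        for row_id, ts, msg in rows:
            # Neutralise quotes and newlines so one row cannot forge extra events.
            clean = str(msg).replace('"', "'").replace("\n", " ")
            out.write('%s id=%d msg="%s"\n' % (ts, row_id, clean))
            emitted += 1
        out.flush()
        save_checkpoint(ckpt, rows[-1][0])  # advance only after the batch is flushed
    return emitted

def demo():
    """Run one poll over constructed sample rows (SQLite in place of Access)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, msg TEXT)")
    conn.executemany("INSERT INTO events (ts, msg) VALUES (?, ?)",
                     [("2024-01-01T00:00:00", "logon ok"),
                      ("2024-01-01T00:00:20", 'bad "pw"\nretry')])
    return poll_once(conn, os.path.join(tempfile.mkdtemp(), "ckpt.json"))

if __name__ == "__main__":
    demo()
```
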
