Getting Data In
Highlighted

Are there any good examples or recommendations on how to index data from an Access database?

SplunkTrust
SplunkTrust

Im curious if anyone has any advice, cautionary tales, or good examples about how to go about indexing data from a database, particularly an Access database.

Is it better to write it as a scripted input doing ODBC? This seems perfectly straightforward but I know Splunk's ExecProcessor get a little unhappy and even ornery when the script doesn't want to exit and I wonder if anyone's run into troubles here. In my case I'd need to pull in new rows from the DB at least every minute if not every 30 seconds and this seems more aggressive than most scripted inputs I've seen.

The other way that springs to mind is to write a little windows service that runs constantly and polls the DB every 30 seconds and sends the data over TCP to splunk. Which doesnt seem that hard either.

So anyway, i'm looking for any recommendations or examples or stories that you have.

the documentation talks about this a bit ( http://www.splunk.com/base/Documentation/4.1/AppManagement/DataSources#Example_of_tailing_database_i... )

and it's been mentioned on Answers ( http://answers.splunk.com/questions/2448/can-splunk-monitor-mssql-database-content )

and there is an app on splunkbase ( http://splunkbase.splunk.com/apps/All/3.x/app:Script+for+database+inputs )

but the app dates back to the 3.X days which scares me a bit cause MAN that was a long time ago.

Thanks in advance for any thoughts, recommendations, examples.

0 Karma
Highlighted

Re: Are there any good examples or recommendations on how to index data from an Access database?

Motivator

Writing your own Windows service seems like more trouble than it's worth.

Personally I'd start with the scripted input approach, and just build in timers to shut the process down if that proves to be a concern.

If that's not robust enough and you're willing to spend a little bit of money, Adiscon's Monitorware agent will do database polling and write new records out to syslog (or I think to flat files).

View solution in original post