Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Can Splunk read .db3 files (SQLlite)?

kiran331
Builder
‎03-16-2017 01:19 PM

Hi

We have a application which logs using SQLlite and logs are with .db3 extension. Can Splunk monitor those files?

Tags (2)
0 Karma
Reply

adauria_splunk
Splunk Employee
Splunk Employee
‎03-18-2017 05:48 AM

I doubt you can read them directly, as they are relational structures. You can test it easily enough, though.

You might want to look at the DB Connect add on. You would load the data into a database that can read it, and use Splunk to connect to the db over jdbc using DB Connect. It would use a SQL query to read the log data from the appropriate tables. You should definitely read the docs -there are a number of steps you need for setup, plus you need to load the file into an actual database server and write a query to get out the desired events.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...