Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Database to file

harshavrath
Contributor
‎03-14-2014 06:12 AM

Hi,

Is there a way to extract data from an database on regular intervals & save it in an file which can be supplied to Splunk as input.

I don't want to use Splunk Db Connect initially my boss wants to try the manual way.

I got to know Scripts can be used for this purpose.

I need some specific information on how it can be done.

Any help is appreciated.

Cheers.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lpolo
Motivator
‎03-14-2014 06:33 AM

Approach 1:

1) Create a script in python that will connect to your database and get the results you need to from your database.
2) Configure a data input script in splunk to schedule your script to run in the intervals you need. In the configuration of this data input, you specify the index where the results will stored in splunk for future retrieval and along with its source type.

Approach 2:

1) Install SplunkDB in your splunk instance.
2) Configure the DB connection to access the database you need.
3) Create a scheduled search for the intervals you need. The schedule search contains the SQL query that will retrieve the information you need from your database. In the configuration of this scheduled search, you specify the index where the results will stored in splunk for future retrieval and along with its source type.

View solution in original post

Reply
Solved! Jump to solution
Solution

lpolo
Motivator
‎03-14-2014 06:33 AM

Approach 1:

1) Create a script in python that will connect to your database and get the results you need to from your database.
2) Configure a data input script in splunk to schedule your script to run in the intervals you need. In the configuration of this data input, you specify the index where the results will stored in splunk for future retrieval and along with its source type.

Approach 2:

1) Install SplunkDB in your splunk instance.
2) Configure the DB connection to access the database you need.
3) Create a scheduled search for the intervals you need. The schedule search contains the SQL query that will retrieve the information you need from your database. In the configuration of this scheduled search, you specify the index where the results will stored in splunk for future retrieval and along with its source type.
Reply
Solved! Jump to solution

lpolo
Motivator
‎03-14-2014 07:31 AM

This might be a start point:
http://docs.splunk.com/Documentation/Splunk/latest/Data/Setupcustominputs#Add_a_scripted_input_via_i...

0 Karma
Reply
Solved! Jump to solution

harshavrath
Contributor
‎03-14-2014 07:11 AM

Hi Ipolo,
can you give any specifics as how to create a script any source that i can refer to.

0 Karma
Reply
Solved! Jump to solution

harshavrath
Contributor
‎03-14-2014 06:26 AM

Oracle SQL Developer

0 Karma
Reply
Solved! Jump to solution

aelliott
Motivator
‎03-14-2014 06:24 AM

What kind of database is it?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Introducing .conf Stories Series!

“.conf Stories” Series – First Feature: Rich Mahlerwein   Every year .conf brings together some of the most ...
Top