Forwarding data from Splunk to some other exernal...

SunilMaharishi · ‎01-25-2018

Hello Team ,

we have some requirement to send data to externally hosted SQL server not all but some fields data captured from different log sources should be forwarded for display in portal for some sort of mgmt reporting
for eg :- if we have email security logs integrated in splunk some fields required would be

RECEIVED GOOD MAIL
RECEIVED SPAM
RECEIVED MALWARE
and may be from firewall these all fields inputs
Count
Threat/Content Type
Action
Threat/Content Name

and from Vulnerability Mgmt these fileds
Asset IP Address
Asset Names
Site Name
Asset OS Name

These are just example inputs fields which may be considered . I am bit puzzled how can we do this to effectively send only required and limited data from splunk to SQL server

nickhills · ‎01-25-2018

Take a look at DB Connect:
http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/HowSplunkDBConnectworks

Get the app here:
https://splunkbase.splunk.com/app/2686/

If my comment helps, please give it a thumbs up!

Forwarding data from Splunk to some other exernal SQL server !

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation