Getting Data In

Forwarding data from Splunk to some other exernal SQL server !

SunilMaharishi
Path Finder

Hello Team ,

we have some requirement to send data to externally hosted SQL server not all but some fields data captured from different log sources should be forwarded for display in portal for some sort of mgmt reporting
for eg :- if we have email security logs integrated in splunk some fields required would be

RECEIVED GOOD MAIL
RECEIVED SPAM
RECEIVED MALWARE
and may be from firewall these all fields inputs
Count
Threat/Content Type
Action
Threat/Content Name

and from Vulnerability Mgmt these fileds
Asset IP Address
Asset Names
Site Name
Asset OS Name

These are just example inputs fields which may be considered . I am bit puzzled how can we do this to effectively send only required and limited data from splunk to SQL server

Tags (1)
0 Karma

nickhills
Ultra Champion

Take a look at DB Connect:
http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/HowSplunkDBConnectworks

Get the app here:
https://splunkbase.splunk.com/app/2686/

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...