Getting Data In

How can I import data from MySQL tables into Splunk assets ?

KleeJean
Observer

I have some data in MySQL , and I have DB Content in Splunk.

Now I want import MySQL data into Splunk assets , but I just find how import data from csv files .

 

I knew this documentation : Collect and extract asset and identity data in Splunk Enterprise Security - Splunk Documentation  , but I don't know how "Use Splunk DB Connect" for import data .

KleeJean_0-1660547961438.png

 

And , this page is null (v7.0.1) : Define identity formats - Splunk Documentation 

 

PS: Sorry for my bad English.

Labels (1)
Tags (1)
0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@KleeJean - I don't know if there is any better way to do this, but here is what will work for sure.

  • Install DB Connect on the same search head as Enterprise Security. - https://splunkbase.splunk.com/app/2686/ 
  • Create a scheduled report (keep intervals according to how often you think data in the database is getting changed.)

 

| dbxquery query="<write-your-query-here>" connection="<dbx-connection>" 
| outputlookup my_sql_data.csv​

 

  • Use my_sql_data.csv file as an Enterprise Security asset file.

 

I hope this helps!!!

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Splunk DB Connect is an app that can read data from a SQL database.  Download it from splunkbase and install it on a search head or heavy forwarder.  Documentation for DB Connect is at https://docs.splunk.com/Documentation/DBX

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...