How can I import data from MySQL tables into Splun...

KleeJean · ‎08-15-2022

I have some data in MySQL , and I have DB Content in Splunk.

Now I want import MySQL data into Splunk assets , but I just find how import data from csv files .

I knew this documentation : Collect and extract asset and identity data in Splunk Enterprise Security - Splunk Documentation , but I don't know how "Use Splunk DB Connect" for import data .

And , this page is null (v7.0.1) : Define identity formats - Splunk Documentation

PS: Sorry for my bad English.

VatsalJagani · ‎08-15-2022

@KleeJean - I don't know if there is any better way to do this, but here is what will work for sure.

Install DB Connect on the same search head as Enterprise Security. - https://splunkbase.splunk.com/app/2686/
Create a scheduled report (keep intervals according to how often you think data in the database is getting changed.)

| dbxquery query="<write-your-query-here>" connection="<dbx-connection>" 
| outputlookup my_sql_data.csv

Use my_sql_data.csv file as an Enterprise Security asset file.

I hope this helps!!!

richgalloway · ‎08-15-2022

Splunk DB Connect is an app that can read data from a SQL database. Download it from splunkbase and install it on a search head or heavy forwarder. Documentation for DB Connect is at https://docs.splunk.com/Documentation/DBX

---
If this reply helps you, Karma would be appreciated.

How can I import data from MySQL tables into Splunk assets ?

CSV

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms