Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I import data from MySQL tables into Splunk assets ?

KleeJean
Observer
‎08-15-2022 12:25 AM

I have some data in MySQL , and I have DB Content in Splunk.

Now I want import MySQL data into Splunk assets , but I just find how import data from csv files .

 

I knew this documentation : Collect and extract asset and identity data in Splunk Enterprise Security - Splunk Documentation  , but I don't know how "Use Splunk DB Connect" for import data .

KleeJean_0-1660547961438.png

 

And , this page is null (v7.0.1) : Define identity formats - Splunk Documentation 

 

PS: Sorry for my bad English.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-15-2022 08:55 AM

@KleeJean - I don't know if there is any better way to do this, but here is what will work for sure.

  • Install DB Connect on the same search head as Enterprise Security. - https://splunkbase.splunk.com/app/2686/ 
  • Create a scheduled report (keep intervals according to how often you think data in the database is getting changed.)

 

| dbxquery query="<write-your-query-here>" connection="<dbx-connection>" 
| outputlookup my_sql_data.csv​

 

  • Use my_sql_data.csv file as an Enterprise Security asset file.

 

I hope this helps!!!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-15-2022 05:20 AM

Splunk DB Connect is an app that can read data from a SQL database.  Download it from splunkbase and install it on a search head or heavy forwarder.  Documentation for DB Connect is at https://docs.splunk.com/Documentation/DBX

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

We are thrilled to announce the winners of the Splunk Build-a-thon, our first-ever hackathon dedicated to ...

Why You Should Register for Splunk University at .conf25

Level up before .conf25 even begins Splunk University is back in Boston, September 6–8, and it’s your chance ...

Building Splunk proficiency is a marathon, not a sprint

Building Splunk skills is a lot like training for a marathon. It’s about consistent progress, celebrating ...
Top