Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I import data from MySQL tables into Splunk assets ?

KleeJean
Observer
‎08-15-2022 12:25 AM

I have some data in MySQL , and I have DB Content in Splunk.

Now I want import MySQL data into Splunk assets , but I just find how import data from csv files .

 

I knew this documentation : Collect and extract asset and identity data in Splunk Enterprise Security - Splunk Documentation  , but I don't know how "Use Splunk DB Connect" for import data .

KleeJean_0-1660547961438.png

 

And , this page is null (v7.0.1) : Define identity formats - Splunk Documentation 

 

PS: Sorry for my bad English.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-15-2022 08:55 AM

@KleeJean - I don't know if there is any better way to do this, but here is what will work for sure.

  • Install DB Connect on the same search head as Enterprise Security. - https://splunkbase.splunk.com/app/2686/ 
  • Create a scheduled report (keep intervals according to how often you think data in the database is getting changed.)

 

| dbxquery query="<write-your-query-here>" connection="<dbx-connection>" 
| outputlookup my_sql_data.csv​

 

  • Use my_sql_data.csv file as an Enterprise Security asset file.

 

I hope this helps!!!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-15-2022 05:20 AM

Splunk DB Connect is an app that can read data from a SQL database.  Download it from splunkbase and install it on a search head or heavy forwarder.  Documentation for DB Connect is at https://docs.splunk.com/Documentation/DBX

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...