Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I index login/logout logs from an Oracle database in Splunk?

skenkz
New Member
‎06-30-2015 05:36 AM

Hi all,

How can I index login/logout logs from an Oracle Database in Splunk?

Thanks.
Marco

0 Karma
Reply

fdi01
Motivator
‎06-30-2015 07:04 AM

For a starting tutorial on monitoring Oracle with Splunk, try Log File Analysis for Oracle 11g( https://splunkbase.splunk.com/app/1538/) . It describes most of the things you are asking about. If your Splunk installation will not be located on the same server as your Oracle database and SQL commands through DB Connect (http://docs.splunk.com/Documentation/DBX/2.0.4/DeployDBX/AboutSplunkDBConnect ) will not work to get the data you need, then you will also need to look at using the Universal Forwarder (http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/Usingforwardingagents ).

Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2015 06:03 AM

Install the Splunk DB Connect app. The app documentation will explain how to establish a connection to an Oracle database and make queries.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

skenkz
New Member
‎06-30-2015 06:15 AM

Hi richgalloway,
thanks for reply. Is it the only solution for import in Splunk logs\events?
can I send the logs from Oralce to Splunk?

Thanks.
M

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2015 06:25 AM

For getting information from the database itself, Splunk DB Connect is the best solution. You can also write your own scripted input.
For getting information about the database, there are several apps available. Search for "Oracle" at apps.splunk.com. You can also install a Splunk Universal Forwarder on your Oracle server(s) to send logs to Splunk.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

skenkz
New Member
‎06-30-2015 06:50 AM

Yes, but if i install "Splunk Universal Forwarder" on my servers Oracle, and i just want only logs access DB Oracle i must flag only "Security Log"?

Thanks.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2015 06:53 AM

I don't manage an Oracle server, so I can't be specific. I believe the "Security Log" tick box is for Windows logs, not Oracle. To forward Oracle logs, edit the input.conf file to create a new stanza monitoring the Oracle log directory.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

skenkz
New Member
‎06-30-2015 06:58 AM

Hi,
than i install "Splunk Universal Forwarder" and select from installation of Forwarder "Path to monitor", right?

Thanks.
M

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-30-2015 07:07 AM

That is right

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...