Getting Data In

Is it possible for Splunk to see the performance, transactions, availability, etc. from a Sybase DB on AIX 7?


I was wondering if Splunk is able to see the performance, transactions, availability, etc. from a Sybase DB on an AIX 7. Is possible, what do I have to do accomplish that?

Tags (1)


I wonder if anyone has taken a look at this since the question was asked. Sybase ASE has a sp_sysmon stored procedure but the output is a messy large text file with difficult formatting. ideally, the output of the SP could be formatted differently, or the tables directly queried via db connect. Any updates on this? My client is definitely interested.

0 Karma


Splunk is able to "see" almost anything that is currently in a plain text file - or can be made to be in a plain text file. Some things (like web server logs) come natively in this format and are super easy to set up. Some things (like Checkpoint firewalls) are far less easy and more effort has to be put into data collection.

Most data sources also require application of "knowledge" in order to make sense of them. Knowledge may be defining fields, macros, or similar in order to lay context (or "schema") over the top of the semi-structured data.

In the specific case you've cited, I don't think the "on AIX 7" part is necessarily an important part of the question. Largely "Sybase is Sybase" and the tools/techniques you would use to collect data about / from Sybase will not change (much) based on the Operating System in question. To really answer your question you have to ask some other related questions like:

  1. How do I collect Sybase performance data?
  2. Once I have collected data, what are the measurements and metrics that help this data give me insight?

With "database performance management", vendors like to make point tools that are designed for this single purpose. They take some collection tools - be they SQL scripts, shell commands, or things that use a proprietary database API - and wrap them up in some canned reports and some "dashboards" and throw it at you. The collection methods and the data collected are generally locked up inside these tools and that's just what you get.

Splunk does not do this. Most of the "data collection" tools are freely available and include source for you to be able to adapt as needed. Searches are in plain SPL and can be adapted to your needs. Also, Splunk as a tool is not locked into "just" database performance management.

But, to my knowledge, nobody has undertaken the effort to build collection tools and knowledge for Sybase performance management. As a platform this is something Splunk is absolutely capable of doing (that is, it is possible). But, with having to build all of the collection tools and knowledge objects from scratch -- it may be a large effort to reach completion.

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...