Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to add SQL logs without server add-on?

mhpapa62
New Member
‎12-10-2019 12:01 PM

Can I add SQL logs without the SQL server add-on?
I need to add SQL logs. I've requested to do this on Splunk and also read many Splunk docs,
but all of them refer to the add on.

We don't have it installed and looks like we have no plans to do it in the near future.
So, in the meantime, how can I add SQL logs into Splunk 8.0.0?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-11-2019 12:02 AM

Hi @mhpapa62,
if you're speaking of SQL Server logs, they are in the Windows Event Viewer, so you can take this and search for the specific SQL Server EventCodes.
The way to take them are different: use the Windows Add-on it's the easiest way, but you can take them also by Splunk Enterprise [Settings -- data Inputs -- Remote event log collections] but this method uses WMI and needs a domain account (I don't like it!).

It's different if you want to extract data from the database: the easiest way is to use DB-Connect App, otherwise, you could schedule a query on the DB that writes results in a file and then read these files using the Splunk Universal Forwarder.

Ciao.
Giuseppe

0 Karma
Reply

mhpapa62
New Member
‎12-11-2019 05:07 AM

Thank you Giuseppe. Just a question, are you using Splunk 8? I can't find [Settings -- data Inputs -- Remote event log collections] on Splunk 8 settings. Just [Data, Report acceleration Summaries / Source Types].

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-11-2019 05:50 AM

Hi @mhpapa62,,
yes, but WMI is available only on Windows machines, so you should use an Heavy Forwarder instaled on Windows Operative System.

Ciao.
Giuseppe

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Celebrating the Winners of the ‘Splunk Build-a-thon’ Hackathon!

We are thrilled to announce the winners of the Splunk Build-a-thon, our first-ever hackathon dedicated to ...

Why You Should Register for Splunk University at .conf25

Level up before .conf25 even begins Splunk University is back in Boston, September 6–8, and it’s your chance ...

Building Splunk proficiency is a marathon, not a sprint

Building Splunk skills is a lot like training for a marathon. It’s about consistent progress, celebrating ...
Top