Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it possible to add SQL logs without server add-on?

mhpapa62
New Member
‎12-10-2019 12:01 PM

Can I add SQL logs without the SQL server add-on?
I need to add SQL logs. I've requested to do this on Splunk and also read many Splunk docs,
but all of them refer to the add on.

We don't have it installed and looks like we have no plans to do it in the near future.
So, in the meantime, how can I add SQL logs into Splunk 8.0.0?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-11-2019 12:02 AM

Hi @mhpapa62,
if you're speaking of SQL Server logs, they are in the Windows Event Viewer, so you can take this and search for the specific SQL Server EventCodes.
The way to take them are different: use the Windows Add-on it's the easiest way, but you can take them also by Splunk Enterprise [Settings -- data Inputs -- Remote event log collections] but this method uses WMI and needs a domain account (I don't like it!).

It's different if you want to extract data from the database: the easiest way is to use DB-Connect App, otherwise, you could schedule a query on the DB that writes results in a file and then read these files using the Splunk Universal Forwarder.

Ciao.
Giuseppe

0 Karma
Reply

mhpapa62
New Member
‎12-11-2019 05:07 AM

Thank you Giuseppe. Just a question, are you using Splunk 8? I can't find [Settings -- data Inputs -- Remote event log collections] on Splunk 8 settings. Just [Data, Report acceleration Summaries / Source Types].

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-11-2019 05:50 AM

Hi @mhpapa62,,
yes, but WMI is available only on Windows machines, so you should use an Heavy Forwarder instaled on Windows Operative System.

Ciao.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...
Top