Getting Data In

Piping MS SQL CDC data to Splunk

b0b
Loves-to-Learn Lots

Hi, hopefully this is the right place to ask. I am pretty new to MS SQL as well as Splunk, so I am curious what the simplest way is to pipe MS SQL data (the Change Data Capture data/table in particular) to Splunk, and I am wondering if anyone here has done/tried it?

I currently have the Universal Forwarder set up on my Windows machine and am able to pipe Event Viewer stuff to Splunk. I looked into Splunk DB Connect, but the setup process seems to be a little too complicated for me (I installed Java, but I am not sure how to go from there). I am unsure if I am able to achieve what I want through the Universal Forwarder, as my MS SQL uses Windows Authentication and, from what I've read, Windows Authentication is not supported in the Universal Forwarder. Do correct me if I am wrong. Appreciate any help. 🙂


deepakc
Builder

In order for you to integrate with SQL data, you need to use the DB Connect app, as it's designed for this purpose.

You then have to configure it to communicate with the SQL Server. This requires various services and other components, and yes, there are lots of small steps, but work through them slowly.

The Change Data Capture table sounds like any other table, so you should be able to query it within the DB Connect app and send that data to Splunk once you have it configured.


#Start here - Follow these steps carefully. This is really good documentation - ensure you configure it for your environment's SQL Server.
https://lantern.splunk.com/Splunk_Platform/Product_Tips/Extending_the_Platform/Configuring_Splunk_DB... 

#Install DB Connect - This is typically installed onto a Heavy Forwarder (Splunk instance) or, for small environments, you can install it on a Search Head or an all-in-one, but you may have performance issues should you be running lots of searches, other Splunk apps, and other functions etc. The DB Connect app can't be installed onto a UF.
https://splunkbase.splunk.com/app/2686 

#Docs
https://docs.splunk.com/Documentation/DBX/3.17.1/DeployDBX/AboutSplunkDBConnect 

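A concrete version of deepakc's point that the CDC change table is queried like any other table, written as an added example that is not part of the thread and not Splunk's or Microsoft's own sample code. It assumes a hypothetical database AppDb with a source table dbo.Orders and columns OrderId, CustomerId, Amount and Status; the capture instance dbo_Orders, the change table cdc.dbo_Orders_CT and the __$start_lsn / __$operation metadata columns are the names SQL Server derives once CDC is enabled. The gating role name cdc_reader is also an assumption. The "?" placeholder and ORDER BY on the checkpoint column are what a DB Connect input in rising-column mode expects.

```sql
-- Added example, not from the thread. AppDb, dbo.Orders, its columns and the
-- role cdc_reader are hypothetical names chosen for illustration.

-- 1. Enable CDC on the database and on the table. Run once, as db_owner,
--    in SSMS or sqlcmd (the GO separators are for those tools, not DB Connect).
USE AppDb;
GO
EXEC sys.sp_cdc_enable_db;
GO
EXEC sys.sp_cdc_enable_table
    @source_schema        = N'dbo',
    @source_name          = N'Orders',
    @role_name            = N'cdc_reader',  -- gating role for the cdc.fn_cdc_* functions
    @supports_net_changes = 0;
GO

-- 2. The SELECT to paste into the DB Connect input, input mode "rising column",
--    rising column __$start_lsn. DB Connect replaces "?" with the last value it
--    checkpointed, so each change row is read exactly once and in commit order.
SELECT
    __$start_lsn,
    sys.fn_cdc_map_lsn_to_time(__$start_lsn) AS change_time,
    CASE __$operation
        WHEN 1 THEN 'delete'
        WHEN 2 THEN 'insert'
        WHEN 3 THEN 'update_before'
        WHEN 4 THEN 'update_after'
    END AS operation,
    OrderId,
    CustomerId,
    Amount,
    Status
FROM cdc.dbo_Orders_CT
WHERE __$start_lsn > ?
ORDER BY __$start_lsn ASC;
```

Two practical notes. The SQL login DB Connect uses only needs SELECT on the change table (or membership in the gating role if you read through cdc.fn_cdc_get_all_changes_dbo_Orders instead); do not give it db_owner just because the setup steps were run as db_owner. If your DB Connect version cannot store a binary(10) LSN as its checkpoint, switch the rising column to change_time (with WHERE change_time > ? ORDER BY change_time), accepting that several changes committed in the same datetime value as the last checkpoint would be skipped on the next run.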