Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Piping MS SQL CDC data to Splunk

b0b
Loves-to-Learn Lots
‎06-05-2024 11:57 PM

Hi, hopefully this is the right place to ask. I am pretty new to MS SQL as well as Splunk, so am curious what is the simplest way to pipe MS SQL data (the Change Data Capture data/table in particular) to Splunk, and wondering if anyone here has done/tried it?

I currently have Universal Forwarder set up on my Windows machine, and able to pipe Event Viewer stuffs to Splunk. Looked into Splunk DB Connect, but the setup process seems to be a little too complicated for me (installed Java, but not sure how to go from there). I am unsure if I am able to achieve what I want through Universal Forwarder (as my MS SQL uses Windows Authentication and from what I've read it says Windows Authentication is not supported in Universal Forwarder. Do correct me if I am wrong.). Appreciate any help. 🙂

Labels (2)
Labels
0 Karma
Reply

deepakc
Builder
‎06-06-2024 01:58 AM

In order for you to integrate with SQL data, you need to use the DB connect App as its designed for this purpose.

You have to then configure it to communicate with the SQL server, this requires various services and other components and yes there are lots of small steps, but work through them slowly.

The Change Data Capture sounds like any other table so you should be able to query it within the DB connect app and send that data to Splunk, once you have it configured.


#Start here - Follow these steps carefully. This is really good documentation - ensure you configure for your environment SQL server.
https://lantern.splunk.com/Splunk_Platform/Product_Tips/Extending_the_Platform/Configuring_Splunk_DB... 

#Install DB connect - This is typically installed onto a Heavy Forwarder (Splunk instance) Or for small environments you can install on a Search Head or All in one - but you may have performance issue should you be running lots searches, other splunk apps, and other functions etc.) The DB connect app cant be installed onto a UF.
https://splunkbase.splunk.com/app/2686 

#Docs
https://docs.splunk.com/Documentation/DBX/3.17.1/DeployDBX/AboutSplunkDBConnect 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...