Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Scripted Input

sushma6
New Member
‎03-04-2014 01:35 AM

Hi,

I have an SQL query which queries the database and generated an html file as output. I run this query for every half an hour. Need to do the same using SPLUNK. Please help me on the below questions:

-- How can I give SQL query as input to the SPLUNK?
-- How can I automate it to run it for every half an hour and generate an excel sheet?

Thanks in advance for your help!

Regards,
Sushma.

Tags (1)
0 Karma
Reply

jpass
Contributor
‎03-04-2014 07:32 AM

I'd use a scripted input that queries your db and prints the return to the screen. Schedule this scripted input to run every 30 mins. I do this for 20 inputs and it works perfectly.

  1. make sure your splunk machine can talk to your db server
  2. create a perl or python script in $splunk_home$/bin/scripts. I use PERL: 'get_my_data.pl'
  3. this script is very simple. I selects any new records from the database and prints them to screen
  4. each time the script runs it needs to record some value that allows your script to know what is 'new' versus what is 'old' aka...already indexed.
  5. All the databases I maintain have a 'auto_incremented primary key' which I use in my scripts to figure out what is 'new data' that should be indexed. My script always ends by recording the new 'max primary key id'. Then, each time it runs, it only selects records that have a primary key id greater then the previously recorded maximum id.
  6. Since you're printing your output to the screen, you can format it any way you please. You can then configure Splunk to notice this format if it doesn't do so automatically (csv etc).
0 Karma
Reply

linu1988
Champion
‎03-04-2014 03:01 AM

Hello Sushma,
You need to use the Splunk app for DB Connect. You can configure your database according to the database type and then configure the savedsearch to run the queries for you using |dbquery command. You will find all the documentation on splunk site itself.

You also have the option to get the results in CSV file or xml format. But to get that in an excel file you need to use some scripting with the savedsearch result parameters.

_http://docs.splunk.com/Documentation/DBX/1.1.3/DeployDBX/Configuredatabasemonitoring

Thanks

0 Karma
Reply

linu1988
Champion
‎03-04-2014 06:41 AM

Yes it will work, then you need to format it properly. The excel file output you need to a script.

In inputs.conf you need to make a bat/cmd file entry and have a sql file as input.

0 Karma
Reply

sushma6
New Member
‎03-04-2014 03:19 AM

Rather than using Splunk app for DB Connect, if I install Splunk agent on the DB box and under inputs.conf file if I include my script location, won't that work? I dont want to use any apps

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...