Getting Data In

Splunk DB Connect: Install on SQL Server itself?

jasongb
Path Finder

I've been surfing the documentation for Splunk DB Connect, and can't find any indication that I need to install anything on my SQL server to utilize Splunk DB Connect.

Is it the case that all installations for drivers, etc., need to take place on the Splunk infrastructure? It seems to me that all you need on the client (e.g., heavy forwarder) are the connection information, valid credentials, and the necessary database drivers.

If a heavy forwarder has those things, it can connect to the SQL server directly, without any additional changes or installs on that SQL server - correct?

Labels (2)
Tags (2)
0 Karma

Roy_9
Builder

I have installed it on the Heavy forwarder along with jTDS drivers and created inputs and connections using a sql service account, In my case it worked only with jTDS driver.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

it depends on SQL Server version which JDBC driver you must use. In our cases it works also on MS own drivers. See compatibility from here: https://docs.splunk.com/Documentation/DBX/3.5.1/DeployDBX/Installdatabasedrivers#Supported_databases

r. Ismo

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

You must install Splunk DB Connect, along with the associated JDK and drivers, on  a Splunk instance - preferably a heavy forwarder.  Don't install DB Connect on your SQL server unless you already have a Splunk instance there.

---
If this reply helps you, Karma would be appreciated.
0 Karma

isoutamo
SplunkTrust
SplunkTrust

As @richgalloway said you should install it on HF and actually keep it active only in one HF at time. If there is need to migrate it to second HF you must copy also those status files which keep count what events it has gotten already. That for the input/ingesting side.

Over that I suggest you also install it to SH/SHC layer to monitoring those inputs easier as DBX has quite nice dashboards for that. Also if you need to do dbqueries or use dblookups you must install it to SH-layer. BUT don't use those nodes/installations as getting data in to splunk, HFs are for that in distributed environment.

In personally I don't install it to SQL server node even I have HF there already. It's better to keep it on dedicated HF which has used for inputs. And especially if you SQL Server is HA/Cluster, you definitely must install it to another host.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...