Getting Data In

Splunk DB Connect: Install on SQL Server itself?

jasongb
Path Finder

I've been surfing the documentation for Splunk DB Connect, and can't find any indication that I need to install anything on my SQL server to utilize Splunk DB Connect.

Is it the case that all installations for drivers, etc., need to take place on the Splunk infrastructure? It seems to me that all you need on the client (e.g., heavy forwarder) are the connection information, valid credentials, and the necessary database drivers.

If a heavy forwarder has those things, it can connect to the SQL server directly, without any additional changes or installs on that SQL server - correct?

Labels (2)
Tags (2)
0 Karma

Roy_9
Motivator

I have installed it on the Heavy forwarder along with jTDS drivers and created inputs and connections using a sql service account, In my case it worked only with jTDS driver.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

it depends on SQL Server version which JDBC driver you must use. In our cases it works also on MS own drivers. See compatibility from here: https://docs.splunk.com/Documentation/DBX/3.5.1/DeployDBX/Installdatabasedrivers#Supported_databases

r. Ismo

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

You must install Splunk DB Connect, along with the associated JDK and drivers, on  a Splunk instance - preferably a heavy forwarder.  Don't install DB Connect on your SQL server unless you already have a Splunk instance there.

---
If this reply helps you, Karma would be appreciated.
0 Karma

isoutamo
SplunkTrust
SplunkTrust

As @richgalloway said you should install it on HF and actually keep it active only in one HF at time. If there is need to migrate it to second HF you must copy also those status files which keep count what events it has gotten already. That for the input/ingesting side.

Over that I suggest you also install it to SH/SHC layer to monitoring those inputs easier as DBX has quite nice dashboards for that. Also if you need to do dbqueries or use dblookups you must install it to SH-layer. BUT don't use those nodes/installations as getting data in to splunk, HFs are for that in distributed environment.

In personally I don't install it to SQL server node even I have HF there already. It's better to keep it on dedicated HF which has used for inputs. And especially if you SQL Server is HA/Cluster, you definitely must install it to another host.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...