Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk DB Connect: Install on SQL Server itself?

jasongb
Path Finder
‎06-01-2021 11:30 AM

I've been surfing the documentation for Splunk DB Connect, and can't find any indication that I need to install anything on my SQL server to utilize Splunk DB Connect.

Is it the case that all installations for drivers, etc., need to take place on the Splunk infrastructure? It seems to me that all you need on the client (e.g., heavy forwarder) are the connection information, valid credentials, and the necessary database drivers.

If a heavy forwarder has those things, it can connect to the SQL server directly, without any additional changes or installs on that SQL server - correct?

Labels (2)
Labels
Tags (2)
0 Karma
Reply

Roy_9
Motivator
‎06-01-2021 02:38 PM

I have installed it on the Heavy forwarder along with jTDS drivers and created inputs and connections using a sql service account, In my case it worked only with jTDS driver.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-01-2021 10:45 PM

Hi

it depends on SQL Server version which JDBC driver you must use. In our cases it works also on MS own drivers. See compatibility from here: https://docs.splunk.com/Documentation/DBX/3.5.1/DeployDBX/Installdatabasedrivers#Supported_databases

r. Ismo

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-01-2021 11:56 AM

You must install Splunk DB Connect, along with the associated JDK and drivers, on  a Splunk instance - preferably a heavy forwarder.  Don't install DB Connect on your SQL server unless you already have a Splunk instance there.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-01-2021 02:00 PM

As @richgalloway said you should install it on HF and actually keep it active only in one HF at time. If there is need to migrate it to second HF you must copy also those status files which keep count what events it has gotten already. That for the input/ingesting side.

Over that I suggest you also install it to SH/SHC layer to monitoring those inputs easier as DBX has quite nice dashboards for that. Also if you need to do dbqueries or use dblookups you must install it to SH-layer. BUT don't use those nodes/installations as getting data in to splunk, HFs are for that in distributed environment.

In personally I don't install it to SQL server node even I have HF there already. It's better to keep it on dedicated HF which has used for inputs. And especially if you SQL Server is HA/Cluster, you definitely must install it to another host.

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...