Hi All,
I have a requirement to do Splunk DB Connect onboarding in a distributed environment. Do I need to install Splunk DB Connect on the search head or the heavy forwarder?
My second question is: can we do the identity creation, connection and input configurations using the config folders instead of the web UI?
Hi
As @gcusello said, you should install it on the HF to get data in. As your HF is outside of SC, you could also use the GUI if you want to add/modify inputs, connections and identities. I totally agree with @gcusello that it's much easier to manage with the GUI than with conf files. If/when you are using only conf files, you must add those to the local folder, not to the default folder like you usually do with your own apps/TAs. This is how you can get Splunk to encrypt the password in the identity file (I haven't done it in a long time, so check that it's still working)! Otherwise you have DB identities with plain text passwords on the server file system.
I also suggest you install DB Connect on the search head, as it has monitoring/health dashboards. Also, if you want to use dbxquery in your SPL, then you need it on the SH too.
r. Ismo
Hi @blbr123,
About the first question, it's the same, but usually a Heavy Forwarder is used for this role.
About the second question: yes, you can use the conf files, but it's easier to use the GUI and I suggest using it to avoid errors. Anyway, you can see https://docs.splunk.com/Documentation/DBX/3.8.0/DeployDBX/Configurationfilereference
Ciao.
Giuseppe
We are using Splunk Cloud, so we have app-specific folders where we generally edit configurations and merge them in git, and it goes to Jenkins, so I cannot do it in the web UI.
Great! Thank you so much.
So in order to create the identity, I need the database username and password. I got the database username, but how do I need to request the database password? I mean, do I need to request it in an encrypted way or as a direct plain text password?
Hi @blbr123,
good for you, see next time!
Ciao and happy splunking.
Giuseppe
P.S.: karma Points are appreciated by all the contributors 😉
You will get that password as plain text (as with any other passwords) from your DB team.
When you are using the GUI, you enter it as plain text and Splunk will encrypt it on the fly before it writes it to the local identities conf file. But when you are using conf files directly, and especially files in the default folder, then Splunk doesn't encrypt that password. It will stay as plain text forever in the conf file. Some TAs (at least earlier) can encrypt that password in the local folder when Splunk restarts, but not all. For that reason you must check how it works with DB Connect. If this doesn't work, there are some alternative ways to do it based on your installation.
r. Ismo
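
An added example, not written by any poster in this thread and not Splunk's own tooling: a pre-merge check for a git/Jenkins workflow like the one described above. It walks an app tree and reports every `identities.conf` stanza that carries a `password` value, failing on `default/` because, as said above, Splunk does not encrypt it there. The app name, stanza names and values are constructed, and the script cannot tell whether a value under `local/` is already encrypted, so those are only marked for review.

```python
import os

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit_identities(repo_root):
    """Return sorted (relative path, stanza, verdict) for each identity with a password value."""
    findings = []
    for dirpath, _dirs, files in os.walk(repo_root):
        if "identities.conf" not in files:
            continue
        path = os.path.join(dirpath, "identities.conf")
        with open(path, encoding="utf-8") as fh:
            stanzas = parse_conf(fh.read())
        # Per the thread: a password under default/ is not encrypted and stays plain text.
        verdict = "fail" if os.path.basename(dirpath) == "default" else "review"
        for name, keys in stanzas.items():
            if keys.get("password"):
                findings.append((os.path.relpath(path, repo_root), name, verdict))
    return sorted(findings)

def write_sample_repo(root):
    """Create a constructed app tree (hypothetical names, placeholder values)."""
    samples = {
        "default": "[reporting_ro]\nusername = svc_splunk\npassword = CONSTRUCTED-PLACEHOLDER\n",
        "local": "# constructed sample\n[billing_ro]\nusername = svc_billing\n"
                 "password = CONSTRUCTED-VALUE\n\n[no_secret_yet]\nusername = svc_new\n",
    }
    for folder, body in samples.items():
        target = os.path.join(root, "my_dbx_app", folder)
        os.makedirs(target, exist_ok=True)
        with open(os.path.join(target, "identities.conf"), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    import sys, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_repo(tmp)
        results = audit_identities(tmp)
        for path, stanza, verdict in results:
            print(f"{verdict.upper():6} {path} [{stanza}]")
        sys.exit(1 if any(v == "fail" for _, _, v in results) else 0)
```

In a Jenkins stage, point `audit_identities` at the checked-out repository instead of the sample tree; the non-zero exit status blocks the merge when a `default/` finding exists.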
Hi @blbr123,
if you're using Splunk Cloud, DB Connect must be on a Heavy Forwarder.
About the second question, you're free to use the approach you prefer: you have both ways to configure DB Connect. In my mind, it's easier via the GUI, but you're free to use the way you like.
Ciao.
Giuseppe
Is it possible to do the onboarding using the web UI in Splunk Cloud?