Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

automatically forward splunk data to database

nielsenr
New Member
‎08-06-2012 04:05 PM

Ok so I am new to splunk and have an instance set up with logs from several servers feeding into it.
My question is can i get the data from splunk into a database(probably mysql) automatically.
There seems to be no clear explanation to say whether this is possible or not.

I have read a bit about the splunk forwarder would this be able to do it? once more there is no real explanation I can find.

Any suggestions would be helpful
thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎08-06-2012 07:15 PM

A couple of approaches :

1) The Splunk MYSQL connector includes a search command, mysqloutput, that you can use to insert or update records in a table in a MySQL database based on fields resulting from your Splunk search.

2) you could use one of the Developer SDKs, write a custom program to execute a Splunk search , process the XML/JSON/CSV result and roll this up into a SQL statement to insert/update tables in your database.

3) you could write your own custom search command , and insert this at the end of you search pipeline to insert/update your DB tables with Splunk search fields ie: index=foo sourcetype=goo | stats count by host | myCustomOutputToDBCommand

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎08-06-2012 07:15 PM

A couple of approaches :

1) The Splunk MYSQL connector includes a search command, mysqloutput, that you can use to insert or update records in a table in a MySQL database based on fields resulting from your Splunk search.

2) you could use one of the Developer SDKs, write a custom program to execute a Splunk search , process the XML/JSON/CSV result and roll this up into a SQL statement to insert/update tables in your database.

3) you could write your own custom search command , and insert this at the end of you search pipeline to insert/update your DB tables with Splunk search fields ie: index=foo sourcetype=goo | stats count by host | myCustomOutputToDBCommand

0 Karma
Reply
Solved! Jump to solution

RohiniJindam
Path Finder
‎08-14-2013 04:31 AM

@nielsenr I am trying to achieve something similar to what you stated. Could you find a solution?

0 Karma
Reply
Solved! Jump to solution

nielsenr
New Member
‎08-07-2012 02:57 PM

Thanks for the feedback
I have already looked at MYSQL connector and unless I'm mistaken it seems to only to be able to insert into a table data that has been searched form the database(please correct me if I'm wrong)

I am currently using the SDK's provided but was hoping for an easier solution (just being lazy)

umm, a custom search command never crossed my mind I'll have a look at that and see if it's useful.

Ill keep this updated with what I do. I have a feeling I'm not the first person to wonder about this, of course anymore suggestions would be welcome

0 Karma
Reply
Solved! Jump to solution

Takajian
Builder
‎08-06-2012 04:29 PM

Splunk forwarder can forward data to splunk other instance or third party software like syslogd with text format. I do not think splunk forwarder can foward data to mysql. you will need to make script to geta data from splunk and put into the mysql.

0 Karma
Reply
Solved! Jump to solution

nielsenr
New Member
‎08-07-2012 02:57 PM

Thanks for clearing that up

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...