Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to get mongodb data index into splunk?

bestSplunker
Contributor
‎06-10-2019 01:13 AM

I am trying to index mongodb data into splunk,

The Hunk App for MongoDB seems to be an obsolete. Is there a best way to import mongodb data into splunk? similar to the input function of db_connect? Because I don't just import it once, when mongodb has new data, I hope it can be automatically indexed to splunk

I refer to the following documentation, but when I connect to the mongodb database that requires authentication, it prompts an error.not authorized for query on xunfeng._schema. I am sure I have created an identity XunfengMongodb.

http://www.unityjdbc.com/mongojdbc/setup/mongodb_jdbc_splunk_dbconnect_v2.pdf

splunk version: 7.2.3
db connect version 3.1.3

alt text

Tags (1)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bestSplunker
Contributor
‎07-11-2019 01:03 AM

this issue has been solved. I used an old version of the driver. so .u need download new version of mongodb driver from http://unityjdbc.com/mongojdbc/mongo_jdbc.php

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

bestSplunker
Contributor
‎07-11-2019 01:03 AM

this issue has been solved. I used an old version of the driver. so .u need download new version of mongodb driver from http://unityjdbc.com/mongojdbc/mongo_jdbc.php

0 Karma
Reply
Solved! Jump to solution

Shan
Builder
‎06-10-2019 02:07 AM

Dear @bestSplunker,

have you tried the driver from the following post for DB Connect 3?
https://answers.splunk.com/answers/665976/mongodb-jdbc-driver-for-db-connect-312-not-working.html

Unsupported JDBC Drivers: https://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Installdatabasedrivers#Add_the_custom_dat...

ur own custom REST TA as called out in the following answer: https://answers.splunk.com/answers/616324/ways-to-index-mongodb-data-in-splunk.html

Thanks..

0 Karma
Reply
Solved! Jump to solution

bestSplunker
Contributor
‎06-10-2019 02:56 AM

thank you for your reply

I have download mongodb_unityjdbc_full.jar and copy the jar in the directory$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and add following data in the db_connection_types.conf file

[mongodb]
displayName = MongoDB
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
jdbcDriverClass = mongodb.jdbc.MongoDriver
jdbcUrlFormat = jdbc:mongo://host:port/database
port = 27017
ui_default_catalog = $database$

but is not working.

Customizing the API seems to be a complicated thing, and I don't want to spend too much time.

I believe DB connect 3 can connect to mongodb, and I suspect my JDBC URI configuration is error

0 Karma
Reply
Solved! Jump to solution

bestSplunker
Contributor
‎07-09-2019 06:23 PM

this issue has been solved. I used an old version of the driver. so .u need download new version of mongodb driver from http://unityjdbc.com/mongojdbc/mongo_jdbc.php

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...