How to monitor jobs from MySQL table using Splunk?

New Member

I have a table in which I am logging the job details. I wanted to monitor the stats through Splunk.

Questions:
1. How to connect with MySQL for continuous data updates and monitoring - I installed Splunk Light as of now.
2. The data volume will be a few rows every day - is it free to use for that data volume?
3. Should I use Splunk or Splunk Light? Does it require any other installations as well?

Need to run a demo. Would be really helpful if someone can point to a resource for getting set up and being able to read data.

Thanks in advance.
Regards

0 Karma

Splunk Employee

If your use case is about finding out information related to user, object, instancename, database, version, query, query_time, then have a look at Splunk Stream https://splunkbase.splunk.com/app/1809/. It is not recommended for free users, but it works like a sniffer; you don't even need to enable auditing on the database, which many DB admins will complain about anyway.

stream will let you get

0 Karma

SplunkTrust

Splunk Light isn't recommended or supported for DB Connect (see first set of notes here), the app you'll need to install to read MySQL tables. I'd recommend Splunk Enterprise Free. Another reason is that when dealing with the free versions, Splunk Light has more limitations than Splunk Enterprise, so you might as well use the more full-featured one since it's the same price.

The free version will index up to 500 MB/day. You mention "a few rows every day" which sounds like far less than that, so from your description you should be fine. While obviously it's a fairly low limit, it's high enough to index quite a few things without worry. As long as you keep an eye on it, you should be fine here too - the 500 MB/day has a small amount of leeway in that up to 3 times in each 30-day window you can go over that amount, incurring a licensing violation but nothing else. Enterprise non-free lets you go over your license 5 times per 30-day window. Very handy to onboard new data sources you didn't expect to be that big, or for the occasional "Oh my, what happened HERE?!?" problem.

Now, on to your task specifically.

If you set up Splunk Enterprise (pretty easy, really), you'll need to install a few prerequisites (Java at least - check for more and follow the instructions) on your system, then install the Splunk DB Connect 2 app. The easiest way is, after logging into your copy of Splunk the first time, to click the gears beside "Apps" in the upper left and select "Manage Apps". In there, click Browse More Apps and search for DB Connect 2. Click Install or whatever and restart when/if required.

Actually, here I was going to point you to Splunk's generally excellent documentation, but I realize the link I was going to use, that of the Installation and setup checklist for DB Connect, outlines what I just wrote above anyway so why don't you start there and see where it gets you?

If you get stuck, ask again!

0 Karma

Splunk Employee

Splunk Light is probably the way to go.

Refer to the docs on scripted inputs.

0 Karma