Re: syslog report from an externan DB

lcunha · ‎01-09-2012

Hi,

i am using an mysql database to store the syslog logs. Can splunk work with this and produce syslog reports and analisys?

rgaube · ‎05-31-2017

By now the Splunk app DB connect (https://docs.splunk.com/Documentation/DBX/3.0.3/DeployDBX/AboutSplunkDBConnect) could be used to pull out the syslog data from the database.

dwaddle · ‎01-09-2012

It would take some work, but yes. Splunk does not natively read out of MySQL databases, and it cannot use them for storage. Splunk uses its own on-disk data structure to store log data, and reads out of it search time. So you would wind up storing all of your syslogs twice - once in mysql and once in Splunk.

You would have two ways of getting your data into Splunk -- the easiest would be to have whatever is putting it into mysql to also write to flat files which Splunk could ingest. Alternately, you could write a script that pulls events out of MySQL and feeds them into Splunk (this could be the more difficult path)

Ayn · ‎01-09-2012

No, not without significant effort. Splunk isn't designed to read data from an external database in that way - it has its own database (its "index") which it operates on that is built specifically for Splunk's purposes. You could of course write a script that pulls everything out of the database into Splunk's own index but you'd just end up with the same data in two places.

syslog report from an externan DB

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation