Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Integrate MSSQL standard edition with Splunk

Nawab
Communicator
‎01-28-2025 03:01 AM

We need to integrate MSSQL standard edition with splunk, so we tried sending logs to Windows Event Viewer application channel. Now we are getting logs, but the issue is logs are not parsed and we are getting all logs.

My question is if someone has integrated MSSQL standard edition with splunk. how you did it and is data parsed

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-28-2025 03:41 AM

Hi @Nawab ,

did you installed the SQL-Server Add-On https://splunkbase.splunk.com/app/2648 on the Search Heads and on the Indexers or (if present) on the Heavy Forwarders?

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Nawab
Communicator
‎01-28-2025 03:45 AM

No i didnt because there is no sourcetype or input if logs are coming in application channel

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2025 11:24 PM

Hi @Nawab ,

you should use the sourcetypes used in the add-on.

Add-on should be installed in the Forwarder used to ingest data and on the Search Heads, used for search tipe parsing activities.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-28-2025 04:21 AM

Well, the Add-On for MSSQL is the supported way of getting audit data from MSSQL databases. If you want to do it another way, you're pretty much on your own.

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-28-2025 03:41 AM

Hi @Nawab ,

did you installed the SQL-Server Add-On https://splunkbase.splunk.com/app/2648 on the Search Heads and on the Indexers or (if present) on the Heavy Forwarders?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-28-2025 03:06 AM

The MSSQL Add-On has installation and configuration docs. Did you read them?

https://docs.splunk.com/Documentation/AddOns/released/MSSQLServer/About

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top