Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Integrate MSSQL standard edition with Splunk

Nawab
Communicator
‎01-28-2025 03:01 AM

We need to integrate MSSQL standard edition with splunk, so we tried sending logs to Windows Event Viewer application channel. Now we are getting logs, but the issue is logs are not parsed and we are getting all logs.

My question is if someone has integrated MSSQL standard edition with splunk. how you did it and is data parsed

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-28-2025 03:41 AM

Hi @Nawab ,

did you installed the SQL-Server Add-On https://splunkbase.splunk.com/app/2648 on the Search Heads and on the Indexers or (if present) on the Heavy Forwarders?

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Nawab
Communicator
‎01-28-2025 03:45 AM

No i didnt because there is no sourcetype or input if logs are coming in application channel

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2025 11:24 PM

Hi @Nawab ,

you should use the sourcetypes used in the add-on.

Add-on should be installed in the Forwarder used to ingest data and on the Search Heads, used for search tipe parsing activities.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-28-2025 04:21 AM

Well, the Add-On for MSSQL is the supported way of getting audit data from MSSQL databases. If you want to do it another way, you're pretty much on your own.

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎01-28-2025 03:41 AM

Hi @Nawab ,

did you installed the SQL-Server Add-On https://splunkbase.splunk.com/app/2648 on the Search Heads and on the Indexers or (if present) on the Heavy Forwarders?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-28-2025 03:06 AM

The MSSQL Add-On has installation and configuration docs. Did you read them?

https://docs.splunk.com/Documentation/AddOns/released/MSSQLServer/About

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...