Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

query MySQL from Splunk on Linux 64bit

rgcox1
Communicator
‎04-27-2011 02:02 PM

This is a repeat of HOWTO: query MySQL from Splunk on Linux 64bit, but that solution did not work for me. Running an Intel processor, but tried the solution with both x86 and AMD64 packages.
Unlike the previous post, I do have root access.
Running Splunk 4.2 on RHEL 5.5. 64bit

Tags (2)
0 Karma
Reply

jpass
Contributor
‎01-30-2013 07:36 AM

If you can upgrade Splunk to 4.3, the DB Connect app will allow you to do this & it's really easy to use.

0 Karma
Reply

jpass
Contributor
‎08-24-2012 04:06 PM

Create a scripted input. The script starts by checking the primary key values of my db table and compares it to the previously recorded value from the last time the script was run. If the database maximum primary key is higher than the old value I know there are new records that need to be added to splunk. Next, the script queries for all records where the max id > old max id. Output your fields and format them the way you want which you'll have to reference in transforms.conf. The last part of the script records the new max id value to be used the next time the script runs. Lastly, in Splunk Web create a scripted input and run it every few minutes, every hour...whatever interval you want.

Another option you might try is MySQL Connector It works for me in Splunk 4.3.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-27-2011 03:01 PM

You my consider instead using the pymsql python module. It's pure Python, so all you need to do is stick it in the bin directory of your app under your python script, e.g. put it in $SPLUNK_HOME/etc/apps/myapplication/bin/pymysql/ and this script in $SPLUNK_HOME/etc/apps/myapplication/bin/testconnection.py:

import traceback
import pymysql
try:
    cn = pymsql.connect(host="mydbserver",port=3306,user="root",password="whatever",db="mydatabase")
    csr = cn.cursor()
    csr.execute("SELECT 1+1 FROM DUAL")

    for r in csr:
        print r
except Exception as e:
    print e
    traceback.print_exc()
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-27-2011 04:24 PM

i wouldn't use an egg file or try to install it or anything. i would just drop the source pymysql directory right into the bin folder. It's pure Python, so that should be all you need.

0 Karma
Reply

rgcox1
Communicator
‎04-27-2011 04:19 PM

Any installation necessary, or just put the egg file in the directory?

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-27-2011 04:13 PM

it just needs to be in the python search path. the first entry in the python search path is usually the directory in which the calling script is located.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎04-27-2011 03:03 PM

There might be some squirrellyness between Python versions on the except clause. I guess you could drop the whole try...except part for testing purposes.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...