Solved: Splunk DB connect: How to fetch logs of few tables...

shuksa · ‎07-24-2022

Hello Splunkers !!!

I am new to splunk and I am using splunk enterprises in AWS environment and want to fetch logs of few tables from SQL server, for that i have installed Splunk DB Connect .

My question is what do i need to put in the below:

Configurations > Settings >JRE Installation Path(JAVA_HOME)

if we are using splunk enterprises in the AWS environment, shall we use the JRE path of our local machine , i mean laptop on which we are working else we have use JRE path of aws environment.??

PickleRick · ‎07-24-2022

Since the dbconnect components run on your splunk server, you have to install JRE there and point splunk to that directory.

View solution in original post

shuksa · ‎07-25-2022

@PickleRick : Any step by step solutions would be very helpful for me . Although below are the steps i have already performed: Before that i want to tell my environment as: We are using 3 splunk enterprise instances in AWS Cloud environment.

We have total 3 splunk instances as - 1 Search Head, 1 indexer & 1 Heavy Forwarder in the current environment. Our client said they need to integrate PIM-ARCON tool with splunk to get the logs, so as ARCON team said they don't have any option to send data like we do as via udp/tcp data inpuit mechansim /syslog mechanism, so they are transferring data from ARCON to SQL server in a particular table, so i thought, to fetch those logs from that sql server table we need to install Splunk dbconnect. Below are the steps what i have already performed:

1- download and install splunk Dbconnect app on Heavy forwarder(HF)

2- After open the splunk dbconnect app i can see it asks for path of jre thats where i stuck

Please advice how and where to install the jre in our HF ?

PickleRick · ‎07-25-2022

You just download appropriate JRE (OpenJDK, Oracle Java, any other distribution - whatever suits you; mind the license). Install it according to the installation instructions (it's easier if you use your distribution supplied JRE) and with any luck DBConnect should detect your JRE location on its own. If it doesn't set JAVA_HOME according to https://docs.splunk.com/Documentation/DBX/3.9.0/DeployDBX/ConfigureDBConnectsettings

Additionally you need appropriate JDBC driver as described here: https://docs.splunk.com/Documentation/DBX/latest - see the proper section for your database.

shuksa · ‎07-25-2022

@PickleRick and where i need to install Splunkdb connect app on HF or SH ?? I guess on HF itself as in my environment it is main receiver on which we are getting logs from various sources.

fyi: we have small architecture of total 3 splunk instances - 1 Search head, 1 Indexer and 1 Heavy forwarder.

Please let me know

PickleRick · ‎07-26-2022

Strictly theoretically, you could install it on any of those components but the most appropriate place is the HF indeed.

PickleRick · ‎07-24-2022

Since the dbconnect components run on your splunk server, you have to install JRE there and point splunk to that directory.

shuksa · ‎07-29-2022

@PickleRick after installation of dbconnect and jre installation, i am stuck on next process, please advise.

I want to fetch logs from a "table of MSSQL server 2012" , for that i have installed jre and its path are as :

1- jre path --> /usr/lib/jvm/jre1.8.0_341

2- driver path is - /opt/splunk/etc/apps/splunk_app_db_connect/drivers/mssql-jdbc-10.2.0.jre8.jar" but after doing so i have completed both identities and connections part but after saving the connection part , i am receive error as :

Please advise on it !!

shuksa · ‎07-26-2022

@PickleRick Thanks , i guess it will work

Splunk DB connect: How to fetch logs of few tables from SQL server?

configuration

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Access Tokens Page - New & Improved