Splunk Enterprise

Splunk DB connect: How to fetch logs of few tables from SQL server?

shuksa
Engager

Hello Splunkers !!!

I am new to Splunk. I am using Splunk Enterprise in an AWS environment and want to fetch logs from a few tables on SQL Server; for that I have installed Splunk DB Connect.

My question is: what do I need to put in the field below?

Configurations > Settings > JRE Installation Path (JAVA_HOME)

If we are using Splunk Enterprise in the AWS environment, should we use the JRE path of our local machine (I mean the laptop we are working on), or do we have to use the JRE path of the AWS environment?
 
0 Karma
1 Solution

PickleRick
SplunkTrust

Since the dbconnect components run on your splunk server, you have to install JRE there and point splunk to that directory.

0 Karma

shuksa
Engager

@PickleRick: Any step-by-step solution would be very helpful for me. Below are the steps I have already performed, but first I want to describe my environment: we are using 3 Splunk Enterprise instances in an AWS cloud environment.

We have a total of 3 Splunk instances (1 Search Head, 1 Indexer and 1 Heavy Forwarder) in the current environment. Our client said they need to integrate the PIM-ARCON tool with Splunk to get the logs. The ARCON team said they don't have any option to send data the way we usually do, via a UDP/TCP data input or syslog mechanism, so they are transferring data from ARCON to a particular table on SQL Server. So I thought that to fetch those logs from that SQL Server table we need to install Splunk DB Connect. Below are the steps I have already performed:

1- Downloaded and installed the Splunk DB Connect app on the Heavy Forwarder (HF)

2- After opening the Splunk DB Connect app, I can see it asks for the path of the JRE; that's where I am stuck

Please advise how and where to install the JRE on our HF.

0 Karma

PickleRick
SplunkTrust

You just download an appropriate JRE (OpenJDK, Oracle Java, any other distribution - whatever suits you; mind the license). Install it according to the installation instructions (it's easier if you use your distribution-supplied JRE) and with any luck DB Connect should detect your JRE location on its own. If it doesn't, set JAVA_HOME according to https://docs.splunk.com/Documentation/DBX/3.9.0/DeployDBX/ConfigureDBConnectsettings

Additionally you need an appropriate JDBC driver as described here: https://docs.splunk.com/Documentation/DBX/latest - see the proper section for your database.

0 Karma

shuksa
Engager

@PickleRick And where do I need to install the Splunk DB Connect app, on the HF or the SH? I guess on the HF itself, as in my environment it is the main receiver on which we are getting logs from various sources.

FYI: we have a small architecture of 3 Splunk instances in total - 1 Search Head, 1 Indexer and 1 Heavy Forwarder.

Please let me know.

0 Karma

PickleRick
SplunkTrust

Strictly theoretically, you could install it on any of those components but the most appropriate place is the HF indeed.

0 Karma

shuksa
Engager

@PickleRick After installing DB Connect and the JRE, I am stuck on the next step; please advise.

I want to fetch logs from a table on MSSQL Server 2012; for that I have installed the JRE, and the paths are:

1- JRE path --> /usr/lib/jvm/jre1.8.0_341

2- Driver path --> /opt/splunk/etc/apps/splunk_app_db_connect/drivers/mssql-jdbc-10.2.0.jre8.jar

After doing so I have completed both the identities and the connections parts, but after saving the connection I receive this error:

shuksa_0-1659094881208.png

Please advise on it !!

0 Karma
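
A preflight for the JRE and driver paths quoted in the post above, as an added example that is not part of the original thread or of Splunk's documentation: it checks that JAVA_HOME holds a runnable `java`, that the driver jar is readable and not world-writable, and that the JRE is at least the Java level named in the jar's `.jreN` suffix. The function names and the script name `dbx_preflight.sh` are hypothetical, and the suffix check assumes the jar keeps the naming shown in the thread.

```shell
#!/bin/sh
# Added example: preflight for the JRE and JDBC driver DB Connect will load.
# Run it on the Splunk host itself, as the account splunkd runs under.

# "1.8.0_341" -> 8, "11.0.16" -> 11
java_major() {
    case "$1" in
        1.*) v=${1#1.}; echo "${v%%.*}" ;;
        *)   echo "${1%%[!0-9]*}" ;;
    esac
}

# "mssql-jdbc-10.2.0.jre8.jar" -> 8; prints nothing if the name has no .jreN part
driver_target() {
    name=$(basename "$1" .jar)
    case "$name" in
        *.jre[0-9]*) t=${name##*.jre}; echo "${t%%[!0-9]*}" ;;
    esac
}

# java -version writes to stderr, e.g.: java version "1.8.0_341"
installed_version() {
    "$1/bin/java" -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# usage: preflight JAVA_HOME DRIVER_JAR   (returns 0 when the pair is usable)
preflight() {
    home=$1; jar=$2
    [ -x "$home/bin/java" ] || { echo "no executable $home/bin/java"; return 1; }
    [ -r "$jar" ] || { echo "driver not readable: $jar"; return 2; }
    have=$(java_major "$(installed_version "$home")")
    need=$(driver_target "$jar")
    [ -n "$have" ] || { echo "cannot parse java -version output"; return 3; }
    if [ -n "$need" ] && [ "$have" -lt "$need" ]; then
        echo "driver targets Java $need, JRE is Java $have"; return 4
    fi
    # DB Connect loads this jar into the JVM that opens the database connection.
    if [ -n "$(find "$jar" -prune -perm -002)" ]; then
        echo "driver is world-writable: $jar"; return 5
    fi
    echo "ok: Java $have, $(basename "$jar")"
}

# Paths from the thread:
#   sh dbx_preflight.sh /usr/lib/jvm/jre1.8.0_341 \
#     /opt/splunk/etc/apps/splunk_app_db_connect/drivers/mssql-jdbc-10.2.0.jre8.jar
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit code identifies which check failed (1 no JRE, 2 unreadable driver, 3 unparsable version, 4 JRE older than the driver's target, 5 world-writable driver).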

shuksa
Engager

@PickleRick Thanks, I guess it will work.

0 Karma