Re: Extracting data from Splunk using splunkmse

divam · ‎01-27-2011

Hi All,

We are using splunk and we need to extract application data into a Datawaehouse to report alongside other dimentions from different sources.

So we installed splunkmse as a virtual machine. Now when I use the admin user to create a table in mysql all is good and I am able to extract data, but unfortunately when I try the same with my own user, I am not able to 1) get all the saved searches. 2) The ones that get created do not show data.

Could anyone advise what I could be doing wrong, unortunately I cant have access to the admin user.

Any help is much appreciated.

Thanks, Divam

Ron_Naken · ‎02-02-2011

I believe you will need DBA privileges to the mysql instance on SplunkMSE. If I recall, it modifies entries in the _schema database when it builds tables for the saved searches.

Have the admin ssh into SplunkMSE and run the following commands in mysql>:

CREATE USER 'divam'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'divam'@'localhost' WITH GRANT OPTION;

That should give you all the necessary privileges without requiring admin access to the SplunkMSE virtual appliance. Determining what privileges/rights you will need without DBA access could be a significant undertaking.

Extracting data from Splunk using splunkmse

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation