Splunk Search

How to connect driver influxdb to Splunk db?

indeed_2000
Motivator

Hi

I want to connect influxdb via splunk db, but I can't find influx db in the connection types!

Is there any JDBC or ODBC driver for influxdb?


FYI: I found this repo: https://github.com/influxdata/influxdb-java

Any idea?

Thanks

0 Karma

VatsalJagani
SplunkTrust

@indeed_2000 - DB Connect supports any JDBC driver with the custom driver as well (In case your database type is not listed under the list) - https://docs.splunk.com/Documentation/DBX/3.9.0/DeployDBX/Installdatabasedrivers#Install_unsupported... (Install unsupported drivers section)

  • Please read this guide as you will need to do a few additional steps.

 

Regarding the JDBC driver, here is what I found (not used personally) - https://dbschema.com/jdbc-driver/InfluxDB.html 

 

I hope this helps!!!

indeed_2000
Motivator

@VatsalJagani Thanks for the answer. I downloaded the driver that you mentioned and added it to this path:

./etc/apps/splunk_app_db_connect/drivers

 

Now I need to add a suitable configuration for "db_connection_types" like below:

./etc/apps/splunk_app_db_connect/default/db_connection_types.conf

 


[influxdb]
displayName = influxdb
serviceClass = com.splunk.dbx2.influxdbJDBC
jdbcUrlFormat = http://<host>:<port>/<database>?org=<param>&token<param2>
jdbcDriverClass = com.dbschema.influxdb.InfluxJdbcDriver
supportedVersions = 3.0
port = 8086

 

Is there any sample of this configuration for influx?

Here is the error that I got:

 

Database connection influx_opr is invalid.
Connection failure reason:
No suitable driver found for http://192.168.1.1:8086/dbname?org=orgname&token=xxxxx

Diagnosis:
No compatible drivers were found in the 'drivers' directory.

Troubleshooting recommendation:
Copy the appropriate JDBC driver for the database you are connecting to in the 'drivers' directory.

 

 

FYI: AFAIK "ifxjdbc.jar" belongs to the Informix driver, NOT the influxdb driver! The link that you mentioned says:

  • Required File(s): ifxjdbc.jar

 

 

 

Thanks,

0 Karma

yuanliu
SplunkTrust

This line, serviceClass = com.splunk.dbx2.influxdbJDBC, how did you get the class path?  It doesn't exist in splunk_app_db_connect.  As serviceClass is optional, maybe try removing it?

0 Karma

indeed_2000
Motivator

@yuanliu I just copied it from another line of the config file. Even when I remove it, I get the same error that I mentioned earlier.

Any other idea?

0 Karma

yuanliu
SplunkTrust

Can you verify that com.dbschema.influxdb.InfluxJdbcDriver exists in installed ifxjdbc.jar?

0 Karma

indeed_2000
Motivator

@yuanliu 

1- FYI: AFAIK "ifxjdbc.jar" belongs to the Informix driver, NOT the influxdb driver! The link that was mentioned says:

  • Required File(s): ifxjdbc.jar

 

2- “com.dbschema.influxdb.InfluxJdbcDriver” does not exist but “com.dbschema.influxdb.JdbcDriver” exists, and I tried both of them!

 

Any other ideas?

0 Karma

yuanliu
SplunkTrust

Was that ifxjdbc.jar from https://dbschema.com/jdbc-drivers/InfluxDBJdbcDriver.zip linked from that document VatsalJagani posted?  It is not clear from the document who produced this InfluxDBJdbcDriver.zip.  But if ifxjdbc.jar was indeed from that zip file, you can start by contacting dbschema.

That same page also includes instructions about how to test the driver using a free version of dbschema.  That should be another good start.

0 Karma

indeed_2000
Motivator

@yuanliu Yes, that link. It seems dbschema created it; I asked them too, and they have not answered yet.

0 Karma

yuanliu
SplunkTrust
  1. I do not see ifxjdbsdriver.jar in InfluxDBJdbcDriver.zip at all:

 

 Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
   38322  Defl:N    36198   6% 02-28-2022 20:15 2642bf83  influxjdbc1.0.jar
  938572  Defl:N   858889   9% 01-29-2022 07:51 5afbc1d2  influxdb-client-java-4.1.0.jar
   17760  Defl:N    15192  15% 01-29-2022 07:51 f096e76a  influxdb-client-flux-4.1.0.jar
   50114  Defl:N    43175  14% 01-29-2022 07:51 098aa12e  influxdb-client-core-4.1.0.jar
 2355899  Defl:N  2073439  12% 12-13-2021 17:50 36dce46f  rxjava-2.2.19.jar
   21783  Defl:N    16446  25% 12-13-2021 17:50 4c18ffaa  swagger-annotations-1.6.1.jar
   73498  Defl:N    62957  14% 12-13-2021 17:50 046facb8  gson-fire-1.8.4.jar
   11724  Defl:N     8829  25% 12-13-2021 17:50 7428dff5  converter-scalars-2.9.0.jar
    4618  Defl:N     3777  18% 12-13-2021 17:50 52ff7551  converter-gson-2.9.0.jar
    5078  Defl:N     4071  20% 01-29-2022 07:51 f935e8d2  influxdb-client-utils-4.1.0.jar
   19936  Defl:N    14794  26% 09-09-2020 11:54 204031ef  jsr305-3.0.2.jar
  125435  Defl:N   113241  10% 11-30-2021 18:29 5b4aceb7  retrofit-2.9.0.jar
  792699  Defl:N   756169   5% 12-13-2021 17:50 7f8a068d  okhttp-4.7.2.jar
  243330  Defl:N   238254   2% 12-13-2021 17:50 57986634  okio-jvm-2.6.0.jar
   15796  Defl:N    14460   9% 12-13-2021 17:50 36219f83  logging-interceptor-4.7.2.jar
   49086  Defl:N    45912   7% 01-11-2021 12:49 a6fc6f40  commons-csv-1.8.jar
  242047  Defl:N   217794  10% 10-06-2021 09:09 23c8ad68  gson-2.8.8.jar
   11369  Defl:N     9316  18% 12-13-2021 17:50 e1cef112  reactive-streams-1.0.3.jar
 1379827  Defl:N  1276416   8% 12-13-2021 17:50 b7439e10  kotlin-stdlib-1.3.71.jar
  179597  Defl:N   140403  22% 12-13-2021 17:50 ac485882  kotlin-stdlib-common-1.3.71.jar
   17536  Defl:N    11687  33% 09-09-2020 11:54 e6dd8e33  annotations-13.0.jar
--------          -------  ---                            -------
 6594026          5961419  10%                            21 files

 

Honestly, I can't imagine any reason why the document says "Required File(s): ifxjdbc.jar".  Maybe they meant to say Required File(s): influxjdbc1.0.jar.

  • According to DbSchema application log, it is using com.wisecoders.dbschema.influxdb.JdbcDriver class, not com.dbschema.influxdb.JdbcDriver as in your sample config.  If you have copied all files from that Zip into splunk_app_db_connect, try jdbcDriverClass = com.wisecoders.dbschema.influxdb.JdbcDriver instead.
0 Karma

indeed_2000
Motivator

@yuanliu dbschema fixed that page, and after I retried I got this error:


2022-07-21 11:54:17.730 +0430 [dw-66 - POST /api/connections/status] ERROR io.dropwizard.jersey.errors.LoggingExceptionMapper - Error handling a request: 99104a48e2c6038b
java.lang.NoSuchMethodError: java.net.URLDecoder.decode(Ljava/lang/String;Ljava/nio/charset/Charset;)Ljava/lang/String;
at com.wisecoders.dbschema.influxdb.JdbcDriver.connect(JdbcDriver.java:62)

0 Karma
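
Added example (not part of the thread, and not Splunk or DbSchema code): a Python check for the two driver failures discussed above, a jdbcDriverClass that is not in the jar and a driver that calls URLDecoder.decode(String, Charset), an overload added in Java 10. It also records a SHA-256 of the jar, since the thread notes the zip's origin is unclear. The jar is a constructed stand-in, and its META-INF/services entry is an assumption about packaging, not a statement about the real influxjdbc jar.

```python
import hashlib, io, struct, zipfile

# Descriptor of URLDecoder.decode(String, Charset), copied from the stack
# trace in the thread; that overload was added in Java 10.
JAVA10_DESC = b"(Ljava/lang/String;Ljava/nio/charset/Charset;)Ljava/lang/String;"
SERVICE_FILE = "META-INF/services/java.sql.Driver"

def inspect_driver_jar(jar_bytes, wanted_class):
    """Report what a JDBC driver jar contains before it goes into drivers/."""
    report = {"sha256": hashlib.sha256(jar_bytes).hexdigest(),
              "registered": [], "has_class": False,
              "min_java": None, "java10_urldecoder": False}
    entry = wanted_class.replace(".", "/") + ".class"
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        if SERVICE_FILE in names:
            # Classes listed here are auto-registered with java.sql.DriverManager
            lines = jar.read(SERVICE_FILE).decode("utf-8").splitlines()
            stripped = (ln.split("#")[0].strip() for ln in lines)
            report["registered"] = [s for s in stripped if s]
        if entry in names:
            data = jar.read(entry)
            magic, _minor, major = struct.unpack(">IHH", data[:8])
            if magic != 0xCAFEBABE:
                raise ValueError(f"{entry} is not a class file")
            report["has_class"] = True
            # Class-file major 52 is Java 8; this is only a lower bound,
            # a class can still call APIs from a newer Java release
            report["min_java"] = major - 44
            # Heuristic: both strings sit in the constant pool when the
            # Java 10+ overload is called
            report["java10_urldecoder"] = (b"java/net/URLDecoder" in data
                                           and JAVA10_DESC in data)
    return report

def build_sample_jar():
    """Constructed stand-in for a driver jar (not the real influxjdbc jar)."""
    fake_class = (struct.pack(">IHH", 0xCAFEBABE, 0, 52)
                  + b"java/net/URLDecoder" + b"decode" + JAVA10_DESC)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(SERVICE_FILE, "com.wisecoders.dbschema.influxdb.JdbcDriver\n")
        jar.writestr("com/wisecoders/dbschema/influxdb/JdbcDriver.class", fake_class)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_jar()
    for cls in ("com.dbschema.influxdb.InfluxJdbcDriver",
                "com.wisecoders.dbschema.influxdb.JdbcDriver"):
        print(cls, inspect_driver_jar(sample, cls))
```

To check a real download, pass the jar's bytes (for example `open(path, "rb").read()`) together with the value intended for jdbcDriverClass.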

yuanliu
SplunkTrust

I read the DBX document more carefully, especially db_connections.conf.spec

serviceClass = <string>
# optional
# inherits from db_connection_types.conf if not configured
# java class that serves the jdbc service for this type.

I was wrong to think that you didn't have to specify serviceClass in db_connections.conf, because the default db_connection_types.conf (obviously) would not have [influxdb] stanza for you to inherit from.  Quite interestingly, there is no db_connection_types.conf.spec to be found in the document. (Old database_types.conf  is long gone.)  So, the only reference is etc/apps/splunk_app_db_connect/default/db_connection_types.conf.

In that file, you will see that, while jdbcDriverClass' are all vendor-provided, all serviceClass' are under com.splunk.dbx2.  To me, this implies that if you want to use InfluxDB which is not supported according to default/db_connection_types.conf, you will be responsible to write this class.  I believe that this class is expected to provide a published interface to Splunk.  But I cannot find documentation of such an interface in DBX documents.  Maybe this documentation is provided in developer guide somewhere.

In a nutshell, you will need  to find that interface, and write a serviceClass for InfluxDB.

0 Karma

VatsalJagani
SplunkTrust

@indeed_2000 - Please ensure your entered IP, port, and other details are correct.

  • Restart Splunk after db_connection_types.conf file change.
  • Restart DB Service after driver import.

 

0 Karma

indeed_2000
Motivator

@VatsalJagani IP/port is correct and the service was restarted.
The issue still remains. Any other idea?

0 Karma

VatsalJagani
SplunkTrust

@indeed_2000 - Maybe try this config:

* I'm not familiar with InfluxDB so I'm not sure what org and the token variable will be.

[influxdb]
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
displayName = influxdb
jdbcDriverClass = com.dbschema.influxdb.InfluxJdbcDriver
jdbcUrlFormat = http://<host>:<port>/<database>?org=<param_org>&token=<param_token>
database = dbname
port = 8086
connection_properties = {"param_org": "default-org", "param_token": "default-token"}
0 Karma

indeed_2000
Motivator

@VatsalJagani It does not work. It has a web UI where I can easily modify the connection string. Even when I write the URL manually, it returns the error that I mentioned before. It seems the issue is with the driver, not the URL or configuration.

 

org=organization name

token=for authentication 

 

Any other idea?

0 Karma

VatsalJagani
SplunkTrust

@indeed_2000 : 😞

 

I hope this helps!!!

0 Karma