db connect host?

a212830
Champion

Hi,

I want to pull in data from an Oracle database via db connect. I'm looking for some general guidance. I want to pull in data in near real-time. The data gets written to Oracle in 5-minute cycles. I was thinking about using the tail method.

The data is performance data from a 3rd party. It includes a time column (epoch time?), a system name, and a virtual machine name. The timestamp will be the same for each system, since the data is being collected at 5-minute intervals.

How do I:

1) map the host
2) separate the events since a whole bunch will have the same timestamp

In general, is there anything that I should be aware of when using the tail command? I'm going to be pulling data from about 8 different tables.

0 Karma

pmdba
Builder

You can also find it here: https://splunkbase.splunk.com/app/1538/

0 Karma

mail2pufta
New Member
0 Karma

ruhail_butt
New Member

The *.pdf above is not available anymore.

0 Karma

pmdba
Builder

Hi. There is an example of the DB Connect configuration and use of the tail command in the white paper "Real-Time Oracle 11g Log File Analysis" available at http://pmdba.files.wordpress.com/2013/05/real-time-oracle-11g-log-file-analysis.pdf. Hopefully this will help. A lot of other data input methods are also described.

0 Karma