Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk db connect

aalaa
Path Finder
‎01-15-2020 02:30 AM

Hello community ,

I would like to know where splunk db connect stored data ?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DavidHourani
Super Champion
‎01-15-2020 05:05 AM

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

View solution in original post

Reply
Solved! Jump to solution
Solution

DavidHourani
Super Champion
‎01-15-2020 05:05 AM

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

Reply
Solved! Jump to solution

aalaa
Path Finder
‎01-15-2020 05:31 AM

Thank you David , and what about the other data ? how splunk store it ?
I would like to know how splunk store data

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎01-15-2020 05:53 AM

You're welcome @aalaa.

This document explains how Splunk stores data, what the index structure is and what the buckets inside an index are:
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/HowSplunkstoresindexes

All your indexed data is stored on your indexers and the structure of each data index is as the one you'll see described in the link above.

Let me know if that helps and if there's anything I missed.

0 Karma
Reply
Solved! Jump to solution

aalaa
Path Finder
‎01-15-2020 06:58 AM

Thank you very much David
it's very helpfull !

0 Karma
Reply
Solved! Jump to solution

PvandenHondel
Explorer
‎01-15-2020 04:50 AM

Sorry, but your question is not clear to me. Do you mean where does the Splunk DB Connect stores it's data that is being queried from a database table? Or where does the Splunk DB Connect saves it's config files. Please clarify.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...