Hi try this:
After you install DB Connect and restart Splunk Enterprise, you must complete
the following setup tasks:
Enable splunkd SSL
To run DB Connect, you must enable SSL for splunkd.
1. Go to $SPLUNK_HOME/etc/system/local/server.conf.
2. In the [sslConfig] stanza, set enableSplunkdSSL to true, as shown:
[sslConfig]
enableSplunkdSSL = true
**Note**: splunkd is enabled by default.
**Complete the app setup from the UI**
1. Go to Apps > Splunk DB Connect.
The Splunk DB Connect Setup page appears.
2. Enter your JAVA_HOME path. This is where your JRE (Java Runtime Environment) resides. For example:
echo $JAVA_HOME
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
3. Click Save.
This enables the Java Bridge Server.
Note: To verify that the Java Bridge Server is running, make sure that the scripted input jbridge_server.py is enabled.
*Command Line Setup*
You can setup DB Connect manually from the command line.
1. Create $SPLUNK_HOME/etc/apps/dbx/local/app.conf
[install]
is_configured = 1
2. Create $SPLUNK_HOME/etc/apps/dbx/local/java.conf
[java]
home = <JAVA_HOME path>
This is the path to your ( JRE) Java Runtime Environment. For example:
home=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
3. Enable the Java Bridge Server (scripted input) in $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf
[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0
4. Create the sink for database inputs in $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf
[batch://$SPLUNK_HOME/var/spool/dbmon/*.dbmonevt]
crcSalt = <SOURCE>
disabled = 0
move_policy = sinkhole
sourcetype = dbmon:spool
5. Restart Splunk
If you wish to connect a MySQL, Oracle, DB2, or Informix database to Splunk via Splunk DB Connect, you must download and install the correct JDBC drivers as shown below.
Step 1: Download driver
Download the appropriate JDBC driver for your database, as follows:
MySQL
Download the MySQL Connector/J driver, version 5.1.24 or later (mysql-connector-java-*-bin.jar).
For Unix, Linux, and MacOS X, select the Platform Independent driver option, as follows:
Download and uncompress either ZIP or TAR archive files.
The uncompressed archive contains the JDBC driver (.jar).
Copy the mysql-connector-java-version-bin.jar file to the
$SPLUNK_HOME/etc/apps/dbx/bin/lib directory.
For Windows, select the Microsoft Windows driver option, as follows:
Download and run the the MySQL Connector/J driver for Windows MSI installer file. This installs the JDBC driver (.jar) in C:\Program Files\MySQL\MySQL Connector.
Copy the mysql-connector-java-version-bin.jar file to the %SPLUNK_HOME%\etc\apps\dbx\bin\lib directory.
**Oracle**
Download the Oracle JDBC driver (ojdbc6.jar).
**DB2**
Go to the DB2 JDBC Driver Versions download site. Login (register, if needed). As part of the login, check the license agreement checkbox, then click the I confirm button.
Check the download checkbox for: IBM Data Server Driver for JDBC and SQLJ (JCC Driver)
ibm_data_server_driver_for_jdbc_sqlj_v10.5.zip (9 MB)
Click the Download now button, saving the file to a temporary directory.
¨ Unzip the downloaded file. Copy or move the db2jcc4.jar file to the $SPLUNK_HOME$/etc/apps/dbx/bin/lib directory.
**Note**: Only move the db2jcc4.jar file to the .../dbx/bin/lib directory, not sqlj.zip, to avoid conflicts.
**Informix**
¨ Download the Informix JDBC driver (ifxjdbc.jar).
**Step 2: Install driver**
After you have downloaded the correct driver for your database and platform,
install the driver as follows:
1. Copy the driver to the $SPLUNK_HOME/etc/apps/dbx/bin/lib directory.
2. Restart Splunk.
... View more