×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
phunte
Explorer
Member since: ‎10-01-2013
‎04-17-2023
Community Statistics
Posts 8
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎10-01-2013
Activity Feed
View All

Re: Splunk DB Connect V3.7.0 major security hole?

by in All Apps and Add-ons
‎04-01-2022 02:36 PM
‎04-01-2022 02:36 PM
I looked in the logs and found: Audit:[timestamp=04-01-2022 21:26:04.972, user=paul_test, action=search, info=granted , search_id='1648848364.3568_92A9F529-CFA9-4D65-AE92-69A9879F486E', search='| dbxquery connection=gemini_ro query="SELECT * from users LIMIT 1"', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Fri Apr 1 17:26:00 2022', apiEndTime='Fri Apr 1 21:26:04 2022', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"] This ran successfully, but the user paul_test was not given permission on connection gemini_ro?? ... View more

Re: dbxquery - Major Security Hole?

by in All Apps and Add-ons
‎03-29-2022 12:53 PM
‎03-29-2022 12:53 PM
I have made a new role and given it only certain connections. It looks good, a new user can only see those connections in db connect. However the user can access connections that they cannot ssee and should have no access to, as long as they know the connection name   ... View more

Re: dbxquery - Major Security Hole?

by in All Apps and Add-ons
‎03-17-2022 01:40 PM
‎03-17-2022 01:40 PM
Thank-you for taking the time to respond isoutamo. I have read the instructions again, and know I must be doing something wrong with roles, but cannot see what? I set up a new role and gave it the same capabilities as db_connect_user, plus search. I assigned a test user to have this new role. (I allowed "Search & Reporting" to be visible to this role). I set up a DB Connect identity where this role has read capability. I set up a DB Connect connection to a database using this identity. The test user can access the new connection. However the test user can also access a connection that their role does not have read permission for (connection or identity). phunte ... View more

Splunk DB Connect V3.7.0 major security hole?

by in All Apps and Add-ons
‎03-16-2022 04:52 PM
‎03-16-2022 04:52 PM
I am using Splunk DB Connect V3.7.0 and there seems to be a major security hole? I want to give some users access to some of the connections/identities. I set the permissions of what they can see, and that works. BUT If a user explicitly asks for a connection that they cannot see, they are still allowed to access it?! This cannot be correct? ... View more
Labels

Re: Upgraded Splunk DB Connect V3.2.0 to V3.3.0 se...

by in All Apps and Add-ons
‎12-22-2021 04:30 PM
‎12-22-2021 04:30 PM
Thanks to everyone that tried to help here. Unfortunately none of the suggestions worked for me, but they showed me where to look. But I gave it one more attempt to go from 3.2.0 to 3.7.0 At first I had the same problem, but the fix (for me) was to make sure that all the debug was set to WARN on the deployer before copying it to the shcluster folder and deploying it. Strange that this would matter, given that the deployed version was all set to WARN, but this fixed it. phunte ... View more

Re: DB Connect dbxquery works fine, but not dbxloo...

by in All Apps and Add-ons
‎08-18-2021 12:29 PM
‎08-18-2021 12:29 PM
Thanks codebuilder but I don't understand? I am only using makeresults to test the dbxlookup? ... View more

DB Connect dbxquery works fine, but not dbxlookup

by in All Apps and Add-ons
‎08-09-2021 03:22 PM
‎08-09-2021 03:22 PM
Hi, Has anyone run into this? I am still on DB Connect 3.2 and have used dbxquery successfully for years. I am just trying to use dbxlookup but cannot get even a simple example to work?   | makeresults count=3 | streamstats count as id | dbxlookup connection="agena_ro" query="SELECT * FROM `agena_production`.`plans`" "id" AS "id" OUTPUT "description" AS "description"   I see this in the logs that looks suspicious? 2021-08-09 15:19:37.141 11088@prod3splunksearchl [main] INFO com.splunk.dbx.connector.logger.AuditLogger - operation= connection_name= stanza_name= state=success sql='SELECT "id", "description" FROM (SELECT * FROM `agena_production`.`plans`) dbxlookup WHERE "id" IN (?,?,?)'   Thanks. phunte ... View more
Labels

Why is upgraded Splunk DB Connect V3.2.0 to V3.3.0...

by in All Apps and Add-ons
‎04-06-2020 10:57 AM
1 Karma
‎04-06-2020 10:57 AM
1 Karma
Hi, I upgraded Splunk DB Connect from V3.2.0 to V3.3.0 and now see lots of errors like this. Anyone know what this is, or what I can do about it? (Rolled back to V3.2.0 for now). (Splunk version 8.0.1) Thanks, Paul 04-06-2020 17:41:42.379 +0000 ERROR ExecProcessor - message from "/opt/apps/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:41:42.378 [metrics-logger-reporter-1-thread-1] INFO c.s.d.c.h.i.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_82649329_jdbc_mysql//pie1applicationdatabases-agenacluster-.cluster-ro-.us-west-2.rds.amazonaws.com3306/agena_pie1?useSSL_true.pool.Wait, count=18, min=0.011064, max=21.322425, mean=5.69591799641126, stddev=8.099832751566446, p50=0.011469, p75=17.237046, p95=17.237046, p98=17.237046, p99=17.237046, p999=17.237046, m1_rate=9.818194454345773E-23, m5_rate=7.220013689967951E-7, m15_rate=1.3879932839497408E-4, mean_rate=2.525958496499233E-4, rate_unit=events/second, duration_unit=milliseconds ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-17-2023 07:12 PM
Karma from
View All