All Apps and Add-ons

How does Splunk DB Connect work and does Splunk come with its own built-in database?

Path Finder


I want to know how SPlunk DB connect works in splunk.
Does Splunk come with its own built-in database?
Is it oracle/sql/db2 or its own language?
So do all the searches/reports get saved in the splunk db?


0 Karma


DB Connect how it works ?

Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.

DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.

DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.

for more information see this link:

0 Karma


hi following these stages,
splunk connection to any database: example MYSQL

1. Creation of the database
2. Installing a local server or server xampp or WampServer
3. import your database from the local server
4. settle in the Splunk SplunkDbConnect application and configure startup
   a) specify the path of jdk or jre in your machine by default was: C:\program Files \Java\jdk1.6.0 or C:\Program Files\ Java\ jre1.6.0
   b) Download and install mysql-connector-java-5.1.32-gpl
   c) go to the installation folder C:\Program File\ MySQL\MySQL Connector J
   d) copy to this directory the mysql-connector-java-5.1.32-bin.jar paste and go to C:\Program File\Splunk\etc\apps\dbx\bin\lib
   e) Then restart Splunk
5. After connection in splunk, you execute the implementation SplunkDbConnect
6. Then you click Database connections in Splunk Manager and click New and then fill in the boxes apparaisssent.
7. Name = name of the Data Base that you need and that will be recorded in splunk.
   Type = MySql DataBase
   Host = localhost
   UserName = Root
   DataBase = Name Creates base.
If necessary DatabaseTest.
   Then you click Fetch database names to see the catalog of Databases and select the one you want
8. Finally, you click Save.

or following this link:

0 Karma

Path Finder

Thanks you so much this information is of great help.

0 Karma


do not forget to vote then

0 Karma


Splunk DB Connect lets you enrich and combine your machine data with database data. You can use the app to configure database queries and lookups in minutes via the Splunk Web interface.

Splunk doesn't comes with its own inbuilt DB.

Splunk DB Connect tests and supports connection to these databases:
· DB2
· Microsoft SQL Server
· Oracle Database
· Sybase, Adaptive Server Enterprise version 15.7 Developer's Edition

You can also connect to these unsupported databases:
· Generic ODBC support
· H2
· HyperSQL
· PostgreSQL
· SQLite
Provide the necessary JDBC drivers to add your own database types.

The Splunk DB Connect app runs on Splunk 4.3 and later.
Note: Splunk DB Connect has not been tested and is not supported with Splunk Free.


Hi splunksurekha,

If you're talking about the DBX App which enables Splunk to connect to a DB; this is Java based and details can be found here

Splunk itself is not a database and it uses no database to store events. The indexed events are stored in flat files.
You can find an overview of third party software used in Splunk here

All queries for reports are saved as XML files, more details can you find here

Hope that helps ...

cheers, MuS

Path Finder

Thanks you very much .
So if i install splundb app will it have any effect on my space and performance.
Should i give a completely new volume or server for only DB transactions.

0 Karma


Since I don't know your use case, I cannot tell you if it will impact your servers performance. Disk space should not be a problem since the app is not too big.

0 Karma
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...