Splunk DB Connect: What is the needed connection and host type for a 2016 SQL server?

raghu0463
Explorer

Hi,
I am setting up Splunk DB Connect and I have a question:

I was trying to connect from the Splunk DB Connect app to SQL Server 2016. I have installed both on the same system with Windows OS. I have downloaded the JDBC driver 'sqljdbc42' and I have copied this file to the location
"C:\Program Files\Splunk\etc\apps\splunk_app_db_connect\drivers"
but the document says to copy it to this path: "$SPLUNK_HOME/etc/apps/dbx/bin/lib". Is this path the same as the path where I have copied it?
When I was trying to create the connection, what is the connection type I need to mention, please?
In the host column, do I need to give the SQL Server IP address and port number?

For setting up the DB connection I followed the documentation and tried it, but I got an error. Below are the details of what I tried:

I created an identity. For the identity, I created a user in SQL Server with SQL Server authentication and used the same in the identity.

I used the connection type: MS-SQL Server using MS Generic Driver with Windows connection,
and for the host I used my system IP address, with the port as 1433.
I got the error below when I used the above credentials:

"this driver is not configured for integrated authentication. ClientConnectionId:e5f8a091-7f5a-4557-99a2-686006288fd8"

natejenkins
Explorer

Integrated authentication is still an issue. Either the documentation misses a few steps or DB Connect is using the driver incorrectly.

The best workaround is to disable Windows authentication, create a SQL Server username and password on the DB, use the MS-Generic Driver (without Windows Auth), and send the username and password in the query.
Side note for username: I believe the username still must include the domain. Ex. (MyDomain\Username)

0 Karma

esix_splunk
Splunk Employee

Your connection is fine; right now the issue is authentication back to MS. It looks like you are using integrated authentication.

I'd start by looking here: https://answers.splunk.com/answers/234258/db-connect-2-connection-is-not-using-integrated-au.html
and here: https://answers.splunk.com/answers/334028/splunk-db-connect-2-why-am-i-getting-this-driver-i.html

Follow that up by reading the Troubleshooting section of the DB Connect docs here:

http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/Troubleshooting#Cannot_connect_to_Microsoft...

Let us know if this helps.

0 Karma