Getting Data In

Can Splunk add data from a local mdb file?

mlwinzenburg
New Member

I have installed an open source Syslog server on a Windows PC, at home. I am sending it logs from my Netgear FVS114 home firewall. Now I'd like to use Splunk to look at the Syslog data, which appears to be stored in an MS Access database ".mdb" file.

Can Splunk be configured to read this file natively? Splunk is installed on the same PC as the Syslog.

Is there an add-on that will allow Splunk to read the .mdb file?

I do not know scripting so that's not a good direction for me unless it is something already written.

Thanks

M

0 Karma

Drainy
Champion

I'm not aware of such a thing, others may be, but to me this seems a little backwards anyway. Do you use the local syslog server for anything else? Or the mdb file for anything else?

If not, just configure Splunk to read the syslog directly via a UDP/TCP port.
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports?r=searchtip

Generally speaking, as a quick how-to, just go to Manager, Data, Add data and add UDP 514; this is the default protocol/port used by most syslog systems.
Your data will then start to be consumed by Splunk.

Drainy
Champion

Bear in mind also that the best practice is geared towards larger, SMB/Enterprise customers who would lose a heck of a lot of data by using UDP as their only method for getting data into Splunk 🙂 Also what Ayn says.

0 Karma

Ayn
Legend

It IS a good idea to write the data to a file, but that file will of course have to be readable by Splunk. Splunk reads pretty much any file in plain text format right away. It does not, however, generally read data that is in any kind of binary format, which is the case with MDB files (aka MS Access databases).

mlwinzenburg
New Member

Well, I guess I'm just following Splunk's advice to write the data to a file first.

http://wiki.splunk.com/Deploy:BestPracticeForConfiguringSyslogInput

"Here are the recommended best practices for configuring your syslog:

  1. Write to a file and configure Splunk to monitor that file

The best practice is to write to a file that Splunk is monitoring. This accounts for the scenario of data loss if Splunk is down. This also allows you to add the data again if you have to clean your index for some reason."

0 Karma
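The two approaches discussed in this thread, Drainy's direct UDP 514 input and the "write to a file and monitor it" best practice that mlwinzenburg quotes, can both be expressed as stanzas in Splunk's inputs.conf. The following is an added example and not configuration from the original posts or from Splunk's documentation; the Windows directory C:\syslog\ and the file name pattern fvs114-*.log are assumed, and stand in for wherever the local syslog server is told to write its plain-text log. Only one of the two stanzas needs to be enabled at a time, otherwise the same messages are indexed twice.

```ini
# $SPLUNK_HOME\etc\system\local\inputs.conf
#
# Option A: quick setup. Splunk listens on UDP 514 itself and the firewall
# sends syslog straight to it. Nothing is written to disk first, so any
# message that arrives while Splunk is stopped or restarting is lost, which is
# the data-loss scenario the best-practice page warns about.
[udp://514]
sourcetype = syslog
# Use the sending device's IP as the "host" field rather than the collector's name.
connection_host = ip
# Splunk normally prefixes each UDP event with its own timestamp and host;
# syslog lines already carry both, so switch that off.
no_appending_timestamp = true
# Set disabled = true once Option B is in place to avoid duplicate events.
disabled = false

# Option B: recommended setup. A separate syslog server writes plain-text
# files and Splunk tails them. If Splunk is down the file keeps growing and is
# read on the next start; the file can also be re-indexed after a clean-up.
# The path and file name pattern below are assumptions for this example:
# point it at the directory your syslog server actually writes to. The file
# must be plain text; Splunk will not parse a binary .mdb database here.
[monitor://C:\syslog\fvs114-*.log]
sourcetype = syslog
index = main
# Take the "host" field from the syslog line itself, not from the collector.
host_regex = ^\S+\s+\d+\s+\S+\s+(\S+)
disabled = true
```

After editing inputs.conf, restart Splunk (or use Manager to add the same inputs through the UI, which writes equivalent stanzas). A quick check that data is arriving is the search `index=main sourcetype=syslog | stats count by host`: with Option A the host should be the firewall's IP address, and with Option B whatever name appears in the syslog lines. `host_regex` is a real inputs.conf setting but the pattern shown assumes the classic "Mon DD HH:MM:SS hostname ..." line format; remove it if the syslog server writes lines in a different layout.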