Splunk Search

splunk db connect

aalaa
Path Finder

Hello community ,

I would like to know where splunk db connect stored data ?

Tags (1)
0 Karma
1 Solution

DavidHourani
Super Champion

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

View solution in original post

DavidHourani
Super Champion

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

aalaa
Path Finder

Thank you David , and what about the other data ? how splunk store it ?
I would like to know how splunk store data

0 Karma

DavidHourani
Super Champion

You're welcome @aalaa.

This document explains how Splunk stores data, what the index structure is and what the buckets inside an index are:
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/HowSplunkstoresindexes

All your indexed data is stored on your indexers and the structure of each data index is as the one you'll see described in the link above.

Let me know if that helps and if there's anything I missed.

0 Karma

aalaa
Path Finder

Thank you very much David
it's very helpfull !

0 Karma

PvandenHondel
Explorer

Sorry, but your question is not clear to me. Do you mean where does the Splunk DB Connect stores it's data that is being queried from a database table? Or where does the Splunk DB Connect saves it's config files. Please clarify.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...