Splunk Search

splunk db connect

aalaa
Path Finder

Hello community ,

I would like to know where splunk db connect stored data ?

Tags (1)
0 Karma
1 Solution

DavidHourani
Super Champion

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

View solution in original post

DavidHourani
Super Champion

Hi @aalaa,

DBconnect doesn't store any data. It allows you to create a connection with Data Bases and collect the data from there or use the DB as a lookup.

If you have a DB input setup, the all you have to do is look for the index where it's writing the data and you'll have everything there. If there is no DB input created then you're not indexing data at all and it's all still on your data base or in some lookup file.

Cheers,
David

aalaa
Path Finder

Thank you David , and what about the other data ? how splunk store it ?
I would like to know how splunk store data

0 Karma

DavidHourani
Super Champion

You're welcome @aalaa.

This document explains how Splunk stores data, what the index structure is and what the buckets inside an index are:
https://docs.splunk.com/Documentation/Splunk/latest/Indexer/HowSplunkstoresindexes

All your indexed data is stored on your indexers and the structure of each data index is as the one you'll see described in the link above.

Let me know if that helps and if there's anything I missed.

0 Karma

aalaa
Path Finder

Thank you very much David
it's very helpfull !

0 Karma

PvandenHondel
Explorer

Sorry, but your question is not clear to me. Do you mean where does the Splunk DB Connect stores it's data that is being queried from a database table? Or where does the Splunk DB Connect saves it's config files. Please clarify.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...