Documentation > Splunk > Admin Manual > Data Base Access

Admin Manual

 


Overview
Setting Up Data Inputs
Authentication
Changing the Way Splunk Processes Your Data
Creating and Using Configuration Bundles
Configuring Your Sources
Splunk-2-Splunk Management
Integration
Managing Your Filesystem
How-To's

Data Base Access

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Data Base Access

In oder to Splunk the contents of your data base you will need to configure a cron job to run a script at set intervals. The script will pull the rows from the specified table and send them to Splunk via TCP.


Perl DBI Access Script

The following script needs to be run on the data base server. You will need to modify the variables at the top of the script to match your enviornment. 


#!/usr/bin/perl
use IO::Socket;
use strict;
use DBI;
my $server="0.0.0.0";
my $db="Employee-DB";
my $table="some_table";
my $user="user";
my $pw="pw";
my $tcphost = "splunkTCPserveraddr";
my $tcpport = "9997";
$ENV{'SYBASE'} = '/usr/local/freetds' unless $ENV{'SYBASE'};
my $dbh = DBI->connect('dbi:Sybase:server=$server;database=$db','$user','$pw');
# Get my count here.
my $sth = $dbh->prepare("SELECT COUNT(*) FROM $table");
$sth->execute() or die $sth->errstr;
my $count = $sth->rows;
my $countfile = "/tmp/table_count";
if ( -f $countfile) {
	# Compare vs. file with saved count.
	open (CF, "<$countfile"); 
	my $filecount = readline CF;
	chomp $filecount;
	close (CF);
	if ($filecount eq $count) {
		"We're good.\n";
		exit;
	} else {
		my $rows_to_get = $filecount - $count;
		$sth = $dbh->prepare("SELECT TOP $rows_to_get FROM $table");
	}
} else {
	$sth = $dbh->prepare("SELECT * FROM $table'");
}
# Update countfile.
open (CF, ">$countfile");
print CF "$count\n";
close (CF);
$remote = IO::Socket::INET->new( Proto => "tcp",
	PeerAddr  => $tcphost,
	PeerPort  => $tcpport,);
unless ($remote) { die "cannot connect to tcp daemon on $tcphost" }
$remote->autoflush(1);
$sth->execute() or die $sth->errstr;
while (my @type = $sth->fetchrow_array()) {
	print $remote @type;
}
$sth->finish();
$dbh->disconnect;
close $remote;

Configure Cron to run the script at the desired interval

With the script in place you need to configure a cron job to run the script at the desired intervals. Since this script is not aware of what it has read previously it is not recommend to run it with great frequency (e.g. every 5 minutes). The potential for duplicate events does exist with this method.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/2.2.6/Admin/DataBaseAccess"

This documentation applies to the following versions of Splunk: 2.2 , 2.2.1 , 2.2.3 , 2.2.6 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.