Splunk® Supported Add-ons

Splunk Add-on for MySQL

Configure inputs for the Splunk Add-on for MySQL

To gather data from MySQL, the Splunk Add-on for MySQL leverages Splunk DB Connect.


Steps to Configure Splunk DBConnect for MySQL

Configure Splunk DB Connect Settings:

  1. Access Configuration > Settings in Splunk DB Connect.
  2. Under the General Settings tab, set the Java Runtime Environment (JRE) path and Task Server settings.
  3. Save the settings to restart the Task Server Java process.
  4. For detailed steps see Splunk DB Connect Settings Guide

Download and Install MySQL JDBC Driver:

  1. Download the MySQL JDBC driver from the link: https://dev.mysql.com/downloads/connector/j/
  2. Place the driver file called mysql-connector-java*.jar in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ or Install the Splunk DBX Addon for MySQL JDBC to automate driver installation.
  3. Reload the driver under Configuration > Settings > Drivers to ensure the driver is enabled.
  4. Refer this doc for detailed steps MySQL JDBC Driver Download

Create and Manage Identities:

  1. Navigate to Configuration > Databases > Identities in Splunk DB Connect and click New Identity > Basic Identity.
  2. Enter the identity name, username, and password, ensuring the user has the appropriate database access.
  3. In the Permissions tab, configure permissions for the identity, then click Save.
  4. Refer this doc for detailed steps " Create and Manage Identities Guide"

Create a Database Connection:

Create a database connection to the MySQL using the Splunk DB Connect GUI:

  1. Go to Configuration > Databases > Connections and click New Connection.
  2. ' Select an existing identity, choose MySQL as the connection type, and configure the timezone settings.
  3. If the MySQL driver is not installed, follow the instructions in the pop-up to install it.
  4. On the New Connection page, complete the following fields:
    • Connection name
    • Identity
    • Connection Type
    • Timezone
    • JDBC URL Settings
  5. For comprehensive, step-by-step guidance on setting up a new database connection using the GUI, refer to the "Create and manage database connections" section of the Splunk DB Connect manual.

Configure the inputs using the Splunk DB Connect GUI

If you want to create MySQL database input, choose the template created for 'Splunk Add-on for MySQL under Template field of DB Connect.

Configure the inputs using the Splunk DB Connect v3.5.1 or lower

For cloud environment, please contact Splunk Cloud SRE

  1. Configure the Splunk Add-on for MySQL, if you have not done so already.
  2. Copy the following text:
    [<input_name>]
    batch_upload_size = 1000
    connection = <connection>
    description = Query all database instances in a MySQL box
    disabled = 0
    fetch_size = 300
    index = <index>
    index_time_mode = current
    input_type = event
    interval = 86400
    max_rows = 0
    mode = batch
    query = show databases;
    query_timeout = 30
    sourcetype = mysql:database
    template_name = mysql:database
    source = <source>
    
    [<input_name>]
    batch_upload_size = 1000
    connection = <connection>
    description = Query innodb engine of the database
    disabled = 0
    fetch_size = 300
    index = <index>
    index_time_mode = current
    input_type = event
    interval = 120
    max_rows = 0
    mode = batch
    tail_rising_column_number =
    query = SHOW ENGINE INNODB STATUS;
    query_timeout = 30
    sourcetype = mysql:innodbStatus
    template_name = mysql:innodbStatus
    source = <source>
    
    [<input_name>]
    batch_upload_size = 1000
    connection = <connection>
    description = Query all of the current running process of the database
    disabled = 0
    fetch_size = 300
    index = <index>
    index_time_mode = current
    input_type = event
    interval = 120
    max_rows = 0
    mode = batch
    tail_rising_column_number =
    query = SHOW FULL PROCESSLIST;
    query_timeout = 30
    sourcetype = mysql:databaseProcess
    template_name = mysql:databaseProcess
    source = <source>
    
    [<input_name>]
    batch_upload_size = 1000
    connection = <connection>
    description = Query grant actions in the database
    disabled = 0
    fetch_size = 300
    index = <index>
    index_time_mode = current
    input_type = event
    interval = 300
    max_rows = 0
    mode = batch
    tail_rising_column_number =
    query = SHOW GRANTS;
    query_timeout = 30
    sourcetype = mysql:grants
    template_name = mysql:grants
    source = <source>
    
  3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local, and open db_inputs.conf.
  4. Paste your copied MySQL inputs to In db_inputs.conf.
  5. For each of your mysql inputs, change each mention of <input_name>, <connection>, <index> and <source> to appropriate values for each parameters.
  6. Save your changes.
  7. Restart your Splunk platform deployment.

Configure monitor inputs for the Splunk Add-on for MySQL

  1. Choose the Audit Log Format: Select the JSON format for the audit log files to be monitored.
  2. Determine the full path to the audit log file. If the log files are stored in a non-default location, be sure to use the exact path in your configuration.
  3. Create the inputs.conf file. Navigate to the following directory and create an inputs.conf file if it does not already exist: $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local.
  4. Add a monitor stanza for each audit log file you want Splunk to ingest. Each stanza must specify the full path to the log file and set the appropriate sourcetype. Example configuration:
    [monitor://path_to_audit.log_file]
    sourcetype = mysql:audit <br>
    


    For example:

    [monitor://C:\ProgramData\MySQL\MySQL Server 9.2\Data\audit.log] <br>
    sourcetype = mysql:audit 
    
Last modified on 24 April, 2025
Install the Splunk Add-on for MySQL   Troubleshoot the Splunk Add-on for MySQL

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters