Configure inputs for the Splunk Add-on for MySQL
To gather data from MySQL, the Splunk Add-on for MySQL leverages Splunk DB Connect.
Steps to Configure Splunk DBConnect for MySQL
Configure Splunk DB Connect Settings:
- Access Configuration > Settings in Splunk DB Connect.
- Under the General Settings tab, set the Java Runtime Environment (JRE) path and Task Server settings.
- Save the settings to restart the Task Server Java process.
- For detailed steps see Splunk DB Connect Settings Guide
Download and Install MySQL JDBC Driver:
- Download the MySQL JDBC driver from the link: https://dev.mysql.com/downloads/connector/j/
- Place the driver file called
mysql-connector-java*.jar
in$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/
or Install the Splunk DBX Addon for MySQL JDBC to automate driver installation. - Reload the driver under Configuration > Settings > Drivers to ensure the driver is enabled.
- Refer this doc for detailed steps MySQL JDBC Driver Download
Create and Manage Identities:
- Navigate to Configuration > Databases > Identities in Splunk DB Connect and click New Identity > Basic Identity.
- Enter the identity name, username, and password, ensuring the user has the appropriate database access.
- In the Permissions tab, configure permissions for the identity, then click Save.
- Refer this doc for detailed steps " Create and Manage Identities Guide"
Create a Database Connection:
Create a database connection to the MySQL using the Splunk DB Connect GUI:
- Go to Configuration > Databases > Connections and click New Connection.
- ' Select an existing identity, choose MySQL as the connection type, and configure the timezone settings.
- If the MySQL driver is not installed, follow the instructions in the pop-up to install it.
- On the New Connection page, complete the following fields:
- Connection name
- Identity
- Connection Type
- Timezone
- JDBC URL Settings
- For comprehensive, step-by-step guidance on setting up a new database connection using the GUI, refer to the "Create and manage database connections" section of the Splunk DB Connect manual.
Configure the inputs using the Splunk DB Connect GUI
If you want to create MySQL database input, choose the template created for 'Splunk Add-on for MySQL under Template field of DB Connect.
Configure the inputs using the Splunk DB Connect v3.5.1 or lower
For cloud environment, please contact Splunk Cloud SRE
- Configure the Splunk Add-on for MySQL, if you have not done so already.
- Copy the following text:
[<input_name>] batch_upload_size = 1000 connection = <connection> description = Query all database instances in a MySQL box disabled = 0 fetch_size = 300 index = <index> index_time_mode = current input_type = event interval = 86400 max_rows = 0 mode = batch query = show databases; query_timeout = 30 sourcetype = mysql:database template_name = mysql:database source = <source> [<input_name>] batch_upload_size = 1000 connection = <connection> description = Query innodb engine of the database disabled = 0 fetch_size = 300 index = <index> index_time_mode = current input_type = event interval = 120 max_rows = 0 mode = batch tail_rising_column_number = query = SHOW ENGINE INNODB STATUS; query_timeout = 30 sourcetype = mysql:innodbStatus template_name = mysql:innodbStatus source = <source> [<input_name>] batch_upload_size = 1000 connection = <connection> description = Query all of the current running process of the database disabled = 0 fetch_size = 300 index = <index> index_time_mode = current input_type = event interval = 120 max_rows = 0 mode = batch tail_rising_column_number = query = SHOW FULL PROCESSLIST; query_timeout = 30 sourcetype = mysql:databaseProcess template_name = mysql:databaseProcess source = <source> [<input_name>] batch_upload_size = 1000 connection = <connection> description = Query grant actions in the database disabled = 0 fetch_size = 300 index = <index> index_time_mode = current input_type = event interval = 300 max_rows = 0 mode = batch tail_rising_column_number = query = SHOW GRANTS; query_timeout = 30 sourcetype = mysql:grants template_name = mysql:grants source = <source>
- Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local, and open db_inputs.conf.
- Paste your copied MySQL inputs to In db_inputs.conf.
- For each of your mysql inputs, change each mention of <input_name>, <connection>, <index> and <source> to appropriate values for each parameters.
- Save your changes.
- Restart your Splunk platform deployment.
Configure monitor inputs for the Splunk Add-on for MySQL
- Choose the Audit Log Format: Select the JSON format for the audit log files to be monitored.
- Determine the full path to the audit log file. If the log files are stored in a non-default location, be sure to use the exact path in your configuration.
- Create the inputs.conf file. Navigate to the following directory and create an inputs.conf file if it does not already exist: $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local.
- Add a monitor stanza for each audit log file you want Splunk to ingest. Each stanza must specify the full path to the log file and set the appropriate sourcetype.
Example configuration:
[monitor://path_to_audit.log_file] sourcetype = mysql:audit <br>
For example:[monitor://C:\ProgramData\MySQL\MySQL Server 9.2\Data\audit.log] <br> sourcetype = mysql:audit
Install the Splunk Add-on for MySQL | Troubleshoot the Splunk Add-on for MySQL |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!