Configure inputs for the Splunk Add-on for MySQL

To gather data from MySQL, the Splunk Add-on for MySQL leverages Splunk DB Connect.

Set up the database connection

1. Download the connector driver for MySQL database from https://dev.mysql.com/downloads/connector/j/

2. Place the driver file called mysql-connector-java*.jar in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ on the part of your Splunk Enterprise architecture performing the data collection.

3. Still on the part of your Splunk Enterprise architecture performing data collection, go to Splunk DB Connect in Splunk Web.

4. Create an identity for establishing a connection to a database. Make sure the DB user for this identity has access to MySQL information_schema, performance_schema and mysql schemas.

Use the Splunk DB Connect GUI to create a database connection

To create a database connection to the MySQL using the Splunk DB Connect GUI:

refer to the "Create and manage database connections" in the Splunk DB Connect manual for step-by-step instructions for using the GUI to set up a new database connection.

Configure the inputs using the Splunk DB Connect GUI

If you want to create MySQL database input, choose the template created for 'Splunk Add-on for MySQL under Template field of DB Connect.

Configure the inputs using the Splunk DB Connect v3.5.1 or lower

For cloud environment, please contact Splunk Cloud SRE

1. Configure the Splunk Add-on for MySQL, if you have not done so already.
2. Copy the following text:

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query all database instances in a MySQL box
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 86400
max_rows = 0
mode = batch
query = show databases;
query_timeout = 30
sourcetype = mysql:database
template_name = mysql:database
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query innodb engine of the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 120
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW ENGINE INNODB STATUS;
query_timeout = 30
sourcetype = mysql:innodbStatus
template_name = mysql:innodbStatus
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query all of the current running process of the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 120
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW FULL PROCESSLIST;
query_timeout = 30
sourcetype = mysql:databaseProcess
template_name = mysql:databaseProcess
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query grant actions in the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 300
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW GRANTS;
query_timeout = 30
sourcetype = mysql:grants
template_name = mysql:grants
source = <source>

3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local, and open db_inputs.conf.
4. Paste your copied MySQL inputs to In db_inputs.conf.
5. For each of your mysql inputs, change each mention of <input_name>, <connection>, <index> and <source> to appropriate values for each parameters.
6. Save your changes.
7. Restart your Splunk platform deployment.