Configure inputs for the Splunk Add-on for MySQL

To gather data from MySQL, the Splunk Add-on for MySQL leverages Splunk DB Connect.

Steps to Configure Splunk DBConnect for MySQL

Configure Splunk DB Connect Settings:

1. Access Configuration > Settings in Splunk DB Connect.
2. Under the General Settings tab, set the Java Runtime Environment (JRE) path and Task Server settings.
3. Save the settings to restart the Task Server Java process.
4. For detailed steps see Splunk DB Connect Settings Guide

Download and Install MySQL JDBC Driver:

1. Download the MySQL JDBC driver from the link: https://dev.mysql.com/downloads/connector/j/
2. Place the driver file called mysql-connector-java*.jar in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ or Install the Splunk DBX Addon for MySQL JDBC to automate driver installation.
3. Reload the driver under Configuration > Settings > Drivers to ensure the driver is enabled.
4. Refer this doc for detailed steps MySQL JDBC Driver Download

Create and Manage Identities:

1. Navigate to Configuration > Databases > Identities in Splunk DB Connect and click New Identity > Basic Identity.
2. Enter the identity name, username, and password, ensuring the user has the appropriate database access.
3. In the Permissions tab, configure permissions for the identity, then click Save.
4. Refer this doc for detailed steps " Create and Manage Identities Guide"

Create a Database Connection:

Create a database connection to the MySQL using the Splunk DB Connect GUI:

1. Go to Configuration > Databases > Connections and click New Connection.
2. ' Select an existing identity, choose MySQL as the connection type, and configure the timezone settings.
3. If the MySQL driver is not installed, follow the instructions in the pop-up to install it.
4. On the New Connection page, complete the following fields:
   • Connection name
   • Identity
   • Connection Type
   • Timezone
   • JDBC URL Settings
5. For comprehensive, step-by-step guidance on setting up a new database connection using the GUI, refer to the "Create and manage database connections" section of the Splunk DB Connect manual.

Configure the inputs using the Splunk DB Connect GUI

If you want to create MySQL database input, choose the template created for 'Splunk Add-on for MySQL under Template field of DB Connect.

Configure the inputs using the Splunk DB Connect v3.5.1 or lower

For cloud environment, please contact Splunk Cloud SRE

1. Configure the Splunk Add-on for MySQL, if you have not done so already.
2. Copy the following text:
   

   [<input_name>]
   batch_upload_size = 1000
   connection = <connection>
   description = Query all database instances in a MySQL box
   disabled = 0
   fetch_size = 300
   index = <index>
   index_time_mode = current
   input_type = event
   interval = 86400
   max_rows = 0
   mode = batch
   query = show databases;
   query_timeout = 30
   sourcetype = mysql:database
   template_name = mysql:database
   source = <source>
   
   [<input_name>]
   batch_upload_size = 1000
   connection = <connection>
   description = Query innodb engine of the database
   disabled = 0
   fetch_size = 300
   index = <index>
   index_time_mode = current
   input_type = event
   interval = 120
   max_rows = 0
   mode = batch
   tail_rising_column_number =
   query = SHOW ENGINE INNODB STATUS;
   query_timeout = 30
   sourcetype = mysql:innodbStatus
   template_name = mysql:innodbStatus
   source = <source>
   
   [<input_name>]
   batch_upload_size = 1000
   connection = <connection>
   description = Query all of the current running process of the database
   disabled = 0
   fetch_size = 300
   index = <index>
   index_time_mode = current
   input_type = event
   interval = 120
   max_rows = 0
   mode = batch
   tail_rising_column_number =
   query = SHOW FULL PROCESSLIST;
   query_timeout = 30
   sourcetype = mysql:databaseProcess
   template_name = mysql:databaseProcess
   source = <source>
   
   [<input_name>]
   batch_upload_size = 1000
   connection = <connection>
   description = Query grant actions in the database
   disabled = 0
   fetch_size = 300
   index = <index>
   index_time_mode = current
   input_type = event
   interval = 300
   max_rows = 0
   mode = batch
   tail_rising_column_number =
   query = SHOW GRANTS;
   query_timeout = 30
   sourcetype = mysql:grants
   template_name = mysql:grants
   source = <source>
   

3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local, and open db_inputs.conf.
4. Paste your copied MySQL inputs to In db_inputs.conf.
5. For each of your mysql inputs, change each mention of <input_name>, <connection>, <index> and <source> to appropriate values for each parameters.
6. Save your changes.
7. Restart your Splunk platform deployment.

Configure monitor inputs for the Splunk Add-on for MySQL

1. Choose the Audit Log Format: Select the JSON format for the audit log files to be monitored.
2. Determine the full path to the audit log file. If the log files are stored in a non-default location, be sure to use the exact path in your configuration.
3. Create the inputs.conf file. Navigate to the following directory and create an inputs.conf file if it does not already exist: $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local.
4. Add a monitor stanza for each audit log file you want Splunk to ingest. Each stanza must specify the full path to the log file and set the appropriate sourcetype. Example configuration:
   

   [monitor://path_to_audit.log_file]
   sourcetype = mysql:audit <br>
   

   
   For example:

   [monitor://C:\ProgramData\MySQL\MySQL Server 9.2\Data\audit.log] <br>
   sourcetype = mysql:audit