Splunk® Supported Add-ons

Splunk Add-on for Microsoft SQL Server

Download manual as PDF

Download topic as PDF

Source types for the Splunk Add-on for Microsoft SQL Server

The Splunk Add-on for Microsoft SQL Server collects different kinds of data from Microsoft SQL Server and assigns a source type for each kind of data. It collects data via file monitoring, Windows Performance Monitoring, and through Splunk DB Connect:

Source types collected through file monitoring

Log Log Format Description Source Type File Location CIM data models
Error log Plain text The error log contains error messages as well as some activities of SQL Server. mssql:errorlog After you install and start Microsoft SQL Server, the server creates this log file under the SQL Server installation folder. Example Location: C:\Program Files\Microsoft SQL Server\
MSSQL11.MSSQLSERVER\MSSQL\Log\ERRORLOG*
None
Agent log Plain text The agent log records SQL Server agent service related activities. mssql:agentlog After you install and start the Microsoft SQL Server agent, the server creates this log file under the SQL Server installation folder. Example Location: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log\SQLAGENT.OUT None

Source types collected through Windows Performance Monitoring

Object Counter Source type CIM data models
Processor % Processor Time perfmon:sqlserverhost:processor Performance
Network Interface Current Bandwidth; Bytes Total/sec perfmon:sqlserverhost:network Performance
Memory % Committed Bytes In Use; Pages/sec; Available Mbytes; Pages perfmon:sqlserverhost:memory Performance
SQLServer:Buffer Manager * perfmon:sqlserver:buffer_manager Databases
SQLServer:Databases Active Transactions; Data File(s) Size (KB); Log File(s) Size (KB);Log File(s) Used Size (KB); Transactions/sec perfmon:sqlserver:databases Databases
LogicalDisk Avg. Disk sec/Read; Avg. Disk sec/Write perfmon:sqlserverhost:logicaldisk None
PhysicalDisk Disk Reads/sec; Disk Writes/sec; Avg. Disk sec/Read; Avg. Disk sec/Write; Avg. Disk sec/Transfer; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Queue Length perfmon:sqlserverhost:physicaldisk None
Paging File % Usage; % Usage Peak perfmon:sqlserverhost:paging_file None
Process Private Bytes; % Processor Time perfmon:sqlserverhost:process None
System Processor Queue Length; Context Switches/sec perfmon:sqlserverhost:system None
SQLServer:General Statistics User Connections; Processes blocked; Logins/sec; Logout/sec perfmon:sqlserver:general_statistics None
SQLServer:SQL Statistics Batch Requests/sec; SQL Compilations/sec; SQL re-Compilations/sec; SQL Attention Rate/sec; Auto-Param Attempts/sec; Failed Auto-Params/sec; Safe Auto-Params/sec; Unsafe Auto-Params/sec perfmon:sqlserver:sql_statistics None
SQLServer:Access Methods Forwarded Records/sec; Full Scans/sec; Index Searches/sec;Page Splits/sec; Workfiles Created/sec; Worktables Created/sec; Worktables From Cache Ratio; Table Lock Escalations/sec perfmon:sqlserver:access_methods None
SQLServer:Latches Latch Waits/sec; Avg Latch Wait Time (ms); Total Latch Wait Time (ms) perfmon:sqlserver:latches None
SQLServer:SQL Errors Errors/sec perfmon:sqlserver:sql_errors None
SQLServer:Locks Number of Deadlocks/sec; Average Wait Time (ms) perfmon:sqlserver:locks None
SQLServer:Transactions Transactions; Longest Transaction Running Time perfmon:sqlserver:transactions None

Source types collected through Splunk DB Connect

Data from Dynamic Management View

Type Dynamic Management View Source type CIM or ITSI data models
alwayson sys.dm_hadr_auto_

page_repair

mssql:alwayson:dm_hadr_auto_page_repair None
sys.dm_hadr_

availability_group_states

mssql:alwayson:

dm_hadr_availability_group_states

None
sys.dm_hadr_

availability_replica_ cluster_nodes

mssql:alwayson:

dm_hadr_availability_replica_cluster_nodes

None
sys.dm_hadr_

availability_replica_ cluster_states

mssql:alwayson:

dm_hadr_availability_replica_cluster_states

None
sys.dm_hadr_

availability_replica_states

mssql:alwayson:

dm_hadr_availability_replica_states

None
sys.dm_hadr_cluster mssql:alwayson:dm_hadr_cluster None
sys.dm_hadr_cluster_

members

mssql:alwayson:dm_hadr_cluster_members None
sys.dm_hadr_cluster_

networks

mssql:alwayson:dm_hadr_cluster_networks None
sys.dm_hadr_database_

replica_cluster_states

mssql:alwayson:

dm_hadr_database_replica_cluster_states

None
sys.dm_hadr_database_

replica_states

mssql:alwayson:dm_hadr_database_replica_states None
sys.dm_hadr_instance_

node_map

mssql:alwayson:dm_hadr_instance_node_map None
sys.dm_hadr_name_

id_map

mssql:alwayson:dm_hadr_name_id_map None
sys.dm_tcp_listener_

states

mssql:alwayson:dm_tcp_listener_states None
database sys.dm_db_file_

space_usage

mssql:database:dm_db_file_space_usage None
sys.dm_db_

partition_stats

mssql:database:dm_db_partition_stats None
sys.dm_db_

session_space_usage

mssql:database:dm_db_session_space_usage None
sys.dm_db_

uncontained_entities

mssql:database:dm_db_uncontained_entities None
sys.dm_db_fts_

index_physical_stats

mssql:database:dm_db_fts_index_physical_stats None
sys.dm_db_

persisted_sku_features

mssql:database:dm_db_persisted_sku_features None
sys.dm_db_

task_space_usage

mssql:database:dm_db_task_space_usage None
execution sys.dm_exec_

query_stats

mssql:execution:dm_exec_query_stats Databases, Database (ITSI)
sys.dm_exec_

sessions

mssql:execution:dm_exec_sessions Databases, Database (ITSI)
sys.dm_exec_

background_job_queue

mssql:execution:dm_exec_background_job_queue None
sys.dm_exec_

background_job_queue_stats

mssql:execution:

dm_exec_background_job_queue_stats

None
sys.dm_exec_

cached_plans

mssql:execution:dm_exec_cached_plans None
sys.dm_exec_

connections

mssql:execution:dm_exec_connections None
sys.dm_exec_

procedure_stats

mssql:execution:dm_exec_procedure_stats None
sys.dm_exec_

query_memory_grants

mssql:execution:dm_exec_query_memory_grants None
sys.dm_exec_

query_optimizer_info

mssql:execution:dm_exec_query_optimizer_info None
sys.dm_exec_

query_resource_semaphores

mssql:execution:

dm_exec_query_resource_semaphores

None
sys.dm_exec_

requests

mssql:execution:dm_exec_requests None
sys.dm_exec_

trigger_stats

mssql:execution:dm_exec_trigger_stats None
index sys.dm_db_

index_physical_stats

mssql:index:dm_db_index_physical_stats None
sys.dm_db_

index_operational_stats

mssql:index:dm_db_index_operational_stats None
sys.dm_db_

index_usage_stats

mssql:index:dm_db_index_usage_stats None
sys.dm_db_

missing_index_details

mssql:index:dm_db_missing_index_details None
sys.dm_db_

missing_index_groups

mssql:index:dm_db_missing_index_groups None
sys.dm_db_

missing_index_group_stats

mssql:index:

dm_db_missing_index_group_stats

None
instance Built-in functions:
  • SERVERPROPERTY
  • @@MAX_CONNECTIONS
  • db_name()
mssql:instance Databases, Database (ITSI)
Built-in functions:
  • SERVERPROPERTY
  • db_name()
  • @@TOTAL_READ
  • @@TOTAL_WRITE
  • @@TOTAL_ERRORS
mssql:instancestats Databases
sys.processes mssql:processes None
sys.databases mssql:databases None
mirroring sys.dm_db_

mirroring_connections

mssql:mirroring:

dm_db_mirroring_connections

None
sys.dm_db_

mirroring_auto_page_repair

mssql:mirroring:

dm_db_mirroring_auto_page_repair

None
OS sys.dm_os_

sys_info

mssql:os:dm_os_sys_info Databases; Performance
sys.dm_os_

performance_counters

mssql:os:dm_os_performance_counters Database (ITSI)
sys.dm_os_

windows_info

mssql:os:dm_os_windows_info None
sys.dm_os_

buffer_descriptors

mssql:os:dm_os_buffer_descriptors None
replication sys.dm_repl_

articles

mssql:replication:dm_repl_articles None
sys.dm_repl_

tranhash

mssql:replication:dm_repl_tranhash None
sys.dm_repl_

schemas

mssql:replication:dm_repl_schemas None
sys.dm_repl_

traninfo

mssql:replication:dm_repl_traninfo None
transaction sys.dm_tran_

locks

mssql:transaction:dm_tran_locks Databases
sys.dm_tran_active_

snapshot_database_ transactions

mssql:transaction:

dm_tran_active_snapshot_database_transactions

None
sys.dm_tran_current_

snapshot

mssql:transaction:dm_tran_current_snapshot None
sys.dm_tran_database_

transactions

mssql:transaction:

dm_tran_database_transactions

None
sys.dm_tran_session_

transactions

mssql:transaction:dm_tran_session_transactions None
sys.dm_tran_

transactions_snapshot

mssql:transaction:

dm_tran_transactions_snapshot

None
sys.dm_tran_

active_transactions

mssql:transaction:dm_tran_active_transactions None
sys.dm_tran_

current_transaction

mssql:transaction:dm_tran_current_transaction None
sys.dm_tran_

top_version_generators

mssql:transaction:

dm_tran_top_version_generators

None
sys.dm_tran_version_store mssql:transaction:dm_tran_version_store None
Other sys.tables mssql:table Database (ITSI)
sys.database_principals mssql:user Database (ITSI)

Trace and audit logs

Log Log Format Description Source type CIM data models
Trace log Binary Default trace provides troubleshooting support. You can open default trace logs with SQL Server Profiler or query them with Transact-SQL by using the fn_trace_gettable system function. This add-on uses the fn_trace_gettable system function via DB Connect. mssql:trclog None
Audit log Binary SQL Server audit lets you create server audits for server-level, database-level, and table-level events. See Create audit objects in Microsoft SQL Server for more information. Audit logs can be read by the sys.fn_get_audit_file system function. This add-on uses the sys.fn_get_audit_file function via DB Connect. mssql:audit None
Last modified on 06 August, 2018
PREVIOUS
The Splunk Add-on for Microsoft SQL Server
  NEXT
Release notes for the Splunk Add-on for Microsoft SQL Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters