Splunk® Supported Add-ons

Splunk Add-on for Microsoft SQL Server

Download manual as PDF

Download topic as PDF

Install the Splunk Add-on for Microsoft SQL Server

To install the Splunk Add-on for Microsoft SQL Server, perform the following steps:

  1. Get the Splunk Add-on for Microsoft SQL Server by downloading it from http://splunkbase.splunk.com/app/2648 or browsing to it using the app browser within Splunk Web.
  2. Determine where and how to install this add-on in your deployment, using the tables on this page.
  3. Perform any prerequisite steps before installing, if required and specified in the tables below.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed deployment

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where Microsoft SQL Server knowledge management is required.
Indexers Yes No Not required, because this add-on does not include any index-time operations.
Heavy Forwarders Yes No To collect dynamic management view data, trace logs, and audit logs, you must use Splunk DB Connect on a search head or heavy forwarder. The remaining data types support using a universal or light forwarder installed directly on the machines running MS SQL Server.
Universal Forwarders Yes No To collect dynamic management view data, trace logs, and audit logs, you must use Splunk DB Connect on a search head or heavy forwarder. The remaining data types support using a universal or light forwarder installed directly on the machines running MS SQL Server.

Distributed deployment feature compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality.
Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the eventgen.conf file and all files in the samples folder.
2. Remove the default\inputs.conf file. If you run your DB Connect inputs from your search head cluster captain, you can keep the default\inputs.conf file on your search heads for reference, but follow the documentation to copy the relevant sections to the DB Connect inputs file rather than enabling any inputs in the add-on's inputs.conf file.
Indexer Clusters Yes Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the eventgen.conf file and all files in the samples folder.
2. Remove the default\inputs.conf file.
Deployment Server Conditional Supported for deploying the configured add-on to multiple universal forwarders for local data collection via file monitoring and Windows performance monitoring. Not supported for DB Connect inputs.

Installation walkthrough

See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

PREVIOUS
Create audit objects in Microsoft SQL Server for the Splunk Add-on for Microsoft SQL Server
  NEXT
Configure monitor inputs and Windows Performance Monitoring inputs for the Splunk Add-on for Microsoft SQL Server

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters