Splunk® Supported Add-ons

Splunk Add-on for MySQL

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure inputs for the Splunk Add-on for MySQL

To gather data from MySQL, the Splunk Add-on for MySQL leverages Splunk DB Connect.

Set up the database connection

1. Download the connector driver for MySQL database from https://dev.mysql.com/downloads/connector/j/

2. Place the driver file called mysql-connector-java*.jar in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ on the part of your Splunk Enterprise architecture performing the data collection.

3. Still on the part of your Splunk Enterprise architecture performing data collection, go to Splunk DB Connect in Splunk Web.

4. Create an identity for establishing a connection to a database. Make sure the DB user for this identity has access to MySQL information_schema, performance_schema and mysql schemas.

Use the Splunk DB Connect GUI to create a database connection

To create a database connection to the MySQL using the Splunk DB Connect GUI:

refer to the "Create and manage database connections" in the Splunk DB Connect manual for step-by-step instructions for using the GUI to set up a new database connection.

Configure the inputs using the Splunk DB Connect GUI

If you want to create MySQL database input, choose the template created for 'Splunk Add-on for MySQL under Template field of DB Connect.

Configure the inputs using the Splunk DB Connect v3.5.1 or lower

For cloud environment, please contact Splunk Cloud SRE

1. Configure the Splunk Add-on for MySQL, if you have not done so already.
2. Copy the following text:

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query all database instances in a MySQL box
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 86400
max_rows = 0
mode = batch
query = show databases;
query_timeout = 30
sourcetype = mysql:database
template_name = mysql:database
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query innodb engine of the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 120
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW ENGINE INNODB STATUS;
query_timeout = 30
sourcetype = mysql:innodbStatus
template_name = mysql:innodbStatus
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query all of the current running process of the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 120
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW FULL PROCESSLIST;
query_timeout = 30
sourcetype = mysql:databaseProcess
template_name = mysql:databaseProcess
source = <source>

[<input_name>]
batch_upload_size = 1000
connection = <connection>
description = Query grant actions in the database
disabled = 0
fetch_size = 300
index = <index>
index_time_mode = current
input_type = event
interval = 300
max_rows = 0
mode = batch
tail_rising_column_number =
query = SHOW GRANTS;
query_timeout = 30
sourcetype = mysql:grants
template_name = mysql:grants
source = <source>


3. Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_mysql/local, and open db_inputs.conf.
4. Paste your copied MySQL inputs to In db_inputs.conf.
5. For each of your mysql inputs, change each mention of <input_name>, <connection>, <index> and <source> to appropriate values for each parameters.
6. Save your changes.
7. Restart your Splunk platform deployment.

Last modified on 22 July, 2022
PREVIOUS
Install the Splunk Add-on for MySQL
  NEXT
Troubleshoot the Splunk Add-on for MySQL

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters