Manage a database connection
Before you can interact with a database through Splunk DB Connect, you must configure a connection to that database. You can then use the database in queries, lookups, inputs, and outputs.
Create a new database connection
1. In Splunk Web, select Apps > Splunk DB Connect.
2. Click Database connections in Splunk Manager.
The External Databases page shows a list of existing database connections.
3. Click New.
The Add New External Databases page opens.
4. Enter the following:
- Name: Type a unique name that identifies your new database connection.
- Database Type: The type of database to which you want to connect.
- Transaction Isolation Level: The transaction isolation level determines the degree to which database transactions are isolated from other concurrent transactions. This typically involves the use of data locking to prevent concurrent transactions on shared database objects (such as rows, pages, etc.), which can cause undesirable read phenomena, data corruption, and data loss.
Select a transaction isolation level for this database connection:
DATABASE_SETTING: Select this option to maintain your database's existing transaction isolation level. Splunk makes no changes to the existing isolation settings.
TRANSACTION_NONE: This option is not supported in the current release of DB Connect.
TRANSACTION_READ_UNCOMMITTED: This is the lowest isolation level. This level allows "dirty reads," as a transaction may return a value that is not committed (and can be rolled back to a pervious value) and is thus invalid. This level is appropriate for queries of static tables whose data is not being modified. This is the only isolation level available to databases that do not have transactions.
TRANSACTION_READ_COMMITTED: This isolation level locks a row until after it is committed, thus preventing dirty reads. This level is appropriate when each row of data is processed as an independent unit, without reference to other rows. Use this option to guarantee that all retrieved rows are committed when the row is retrieved. This isolation level does not place a lock on retrieved rows, however, so "phantom reads" can occur.
TRANSACTION_REPEATABLE_READ: In this isolation level, transactions maintain read/write locks on all retrieved rows until the end of the transaction. This ensures that retrieved rows are not updated during the transaction. However, range-locks are not managed, so phantom reads can occur.
TRANSACTION_SERIALIZABLE: This is the highest transaction isolation level. In this level, a shared lock is placed on every row selected during the transaction. Another transaction can also place a shared lock on a selected row, but no other process can modify any selected row during your transaction or insert a row that meets the search criteria of your query during your transaction. The shared locks are released only when the transaction is committed or rolled back. This is the only isolation level that prevents phantom reads.
For more information on Informix Isolation Levels, see the IBM Informix documentation.
<SERVERNAME>\<DATABASE>for the host field.
<DOMAIN>\<USERNAME>. arg.useNTLMv2 = trueis implied if you use this notation. You can override this in the config file.
Note: When you add a local database such as SQLite, specify the fully qualified path to the database file. You can place the SQLite file into
$SPLUNK_HOME/var/dbx and name it
database_name.sqlitedb. You can then use "database_name" instead of the fully qualified path.
- MS SQL database connections require this additional parameter:
- Informix database connections require an additional parameter, such as:
ifxjdbc.jar) is installed in $SPLUNK_HOME/etc/apps/dbx/bin/lib.
Modify a database connection
You can modify or delete a database connection using the same External Databases page.
1. On the External Databases page, click the name of the specific database connection that you want to modify.
The configuration page for that database connection opens.
2. Make changes to the database connection configuration and click Save.
Delete a database connection
1. On the External Databases page, click Delete to the right of the database connection name.
2. Click OK.
The database connection is deleted.
After you modify or delete the database connection, Splunk reloads the Java Bridge Server (JBS) database list.
Manage database connections using configuration files
You can manage your database connections by editing a copy of the
database.conf file, or, if you're connecting to a database not supported out-of-the-box, the
Important: Do not edit these configuration files in
$SPLUNK_HOME/etc/apps/dbx/default. You must create and edit a new copy of each configuration file in
$SPLUNK_HOME/etc/apps/dbx/local. See "About configuration files".
After you edit
database.conf, you can restart Splunk (which also restarts the JBS), or reload Splunk using this command:
splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/reload.py databases
The Java Bridge Server picks up the configuration file modifications and encrypts passwords in the configuration files.
Add a database
Configure database input queries
This documentation applies to the following versions of Splunk® DB Connect: 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2