Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

NOTE - Splunk DB Connect version 1.x reached its End of Life on July 28, 2016. Please see the migration information.
This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Manage a database connection

Before you can interact with a database through Splunk DB Connect, you must configure a connection to that database. You can then use the database in queries, lookups, inputs, and outputs.

Note: To setup a connection to a database that is not listed under Supported Databases, see Add a database.

Create a new database connection

1. In Splunk Web, select Apps > Splunk DB Connect.

2. Click Database connections in Splunk Manager.

The External Databases page shows a list of existing database connections.

3. Click New.

The Add New External Databases page opens.

4. Enter the following:

  1. Name: Type a unique name that identifies your new database connection.
  2. Database Type: The type of database to which you want to connect.
  3. Transaction Isolation Level: The transaction isolation level determines the degree to which database transactions are isolated from other concurrent transactions. This typically involves the use of data locking to prevent concurrent transactions on shared database objects (such as rows, pages, etc.), which can cause undesirable read phenomena, data corruption, and data loss.
  4. Select a transaction isolation level for this database connection:

    • DATABASE_SETTING: Select this option to maintain your database's existing transaction isolation level. Splunk makes no changes to the existing isolation settings.
    • TRANSACTION_NONE: This option is not supported in the current release of DB Connect.
    • TRANSACTION_READ_UNCOMMITTED: This is the lowest isolation level. This level allows "dirty reads," as a transaction may return a value that is not committed (and can be rolled back to a pervious value) and is thus invalid. This level is appropriate for queries of static tables whose data is not being modified. This is the only isolation level available to databases that do not have transactions.
    • TRANSACTION_READ_COMMITTED: This isolation level locks a row until after it is committed, thus preventing dirty reads. This level is appropriate when each row of data is processed as an independent unit, without reference to other rows. Use this option to guarantee that all retrieved rows are committed when the row is retrieved. This isolation level does not place a lock on retrieved rows, however, so "phantom reads" can occur.
    • TRANSACTION_REPEATABLE_READ: In this isolation level, transactions maintain read/write locks on all retrieved rows until the end of the transaction. This ensures that retrieved rows are not updated during the transaction. However, range-locks are not managed, so phantom reads can occur.
    • TRANSACTION_SERIALIZABLE: This is the highest transaction isolation level. In this level, a shared lock is placed on every row selected during the transaction. Another transaction can also place a shared lock on a selected row, but no other process can modify any selected row during your transaction or insert a row that meets the search criteria of your query during your transaction. The shared locks are released only when the transaction is committed or rolled back. This is the only isolation level that prevents phantom reads.

      For more information on Informix Isolation Levels, see the IBM Informix documentation.

  5. Host: The host name or IP address of the database server. For local database types (such as SQLite or ODBC) you can use any value (for example, "localhost"). For Microsoft SQL servers, you can use a fully qualified domain name, a short name, or an IP address. Do not use the Microsoft SQL convention of <SERVERNAME>\<DATABASE> for the host field.
  6. Port: The TCP Port to connect to. You can leave this field empty if you are using the default port of the selected database type or if the database is local. Many Microsoft SQL Servers use dynamic ports instead of TCP/1433. Work with your database administrator to identify the correct port, or see "Verifying the port configuration of an instance of SQL Server" .
  7. Username and Password: If the database connection requires username and password for authentication, provide them here. For Windows users, you can use the following notation in the Username field: <DOMAIN>\<USERNAME>. arg.useNTLMv2 = true is implied if you use this notation. You can override this in the config file.
  8. Database: You can leave this field empty to connect to the default database, if the selected database type supports this.
  9. Note: When you add a local database such as SQLite, specify the fully qualified path to the database file. You can place the SQLite file into $SPLUNK_HOME/var/dbx and name it database_name.sqlitedb. You can then use "database_name" instead of the fully qualified path.

  10. Additional JDBC Parameters: Enter additional JDBC parameters to connect with your database.
    MS SQL database connections require this additional parameter:
    Informix database connections require an additional parameter, such as:
  11. Important: If you are connecting to an Informix database, make sure the Informix JDBC driver (ifxjdbc.jar) is installed in $SPLUNK_HOME/etc/apps/dbx/bin/lib.
  12. Read only check box: You can set the database connection to read-only. If this check box is selected, Splunk DB Connect will not run any SQL statements that modify the database. And the </code>dboutput</code> command will not work.
  13. Validate Database Connection: If this check box is selected, Splunk DB Connect tries to connect to the database before saving the connection information. If the connection does not succeed, an error message appears.
  14. </ol>

    Modify a database connection

    You can modify or delete a database connection using the same External Databases page.

    1. On the External Databases page, click the name of the specific database connection that you want to modify.

    The configuration page for that database connection opens.

    2. Make changes to the database connection configuration and click Save.

    Delete a database connection

    1. On the External Databases page, click Delete to the right of the database connection name.

    2. Click OK.

    The database connection is deleted.

    After you modify or delete the database connection, Splunk reloads the Java Bridge Server (JBS) database list.

    Manage database connections using configuration files

    You can manage your database connections by editing a copy of the database.conf file, or, if you're connecting to a database not supported out-of-the-box, the database_types.conf file.

    Important: Do not edit these configuration files in $SPLUNK_HOME/etc/apps/dbx/default. You must create and edit a new copy of each configuration file in$SPLUNK_HOME/etc/apps/dbx/local. See "About configuration files".

    After you edit database.conf, you can restart Splunk (which also restarts the JBS), or reload Splunk using this command:

    splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/reload.py databases

    The Java Bridge Server picks up the configuration file modifications and encrypts passwords in the configuration files.

Add a database
Configure database input queries

This documentation applies to the following versions of Splunk® DB Connect: 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters