Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

NOTE - Splunk DB Connect version 1.x reached its End of Life on July 28, 2016. Please see the migration information.
This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Add a database

Splunk DB Connect provides built-in support for a variety of databases (see "About Splunk DB Connect"). You can also add custom support for any database that has a JDBC driver.

Note: At a minimum, Splunk DB Connect supports querying custom database connections. For some custom database connections, certain query-related features may not work. Also, depending on the database-implementation of the JDBC driver, the dbinfo search command may not work as expected.

Download and install the relevant JDBC driver

Before you can add a custom database connection, you must download the JDBC (Java Database Connectivity) driver for the database you want to add, and copy the .jar file to $SPLUNK_HOME/etc/apps/dbx/bin/lib.

Add the custom database to database_types.conf

When you add a custom database connection that Splunk DB Connect does not support by default, you must create a stanza to define the database connection in a copy of database_types.conf.

Important: Do not edit the database_types.conf file in $SPLUNK_HOME/etc/apps/dbx/default. Instead, copy the filed to $SPLUNK_HOME/etc/apps/dbx/local and perform your edits there. For more information, see About configuration files.

Example new database stanzas in database_types.conf

        displayName = MS-SQL Server Using MS Generic Driver
        jdbcDriverClass = com.microsoft.sqlserver.jdbc.SQLServerDriver
        testQuery = SELECT 1
        connectionUrlFormat = jdbc:sqlserver://{0}:{1};databaseName={2};selectMethod=cursor

	displayName = PostgreSQL
	jdbcDriverClass = org.postgresql.Driver
	defaultPort = 5432
	connectionUrlFormat = jdbc:postgresql://{0}:{1}/{2}
	testQuery = SELECT 1 AS test
	defaultCatalogName = postgres
	defaultSchema = public

Connection Validation

Each time DB Connect uses a database connection, it tries to validate that the database connection is actually working. If validation fails, you might see an error message, such as "ValidateObject failed".

DB Connect uses these two methods to validate a connection:

  • If a testQuery is specified in database_types.conf, DB Connect executes that query, and receives a response that validates that the connection is working.
  • If testQuery is not specified, DB Connect uses the Java method connection.isValid(), and relies on the JDBC driver to answer. Some JDBC drivers do not implement this API call (seems like Derby is build against Java 1.5 source, where JDBC doesn't have the method isValid). The workaround is to specify a manual testQuery, such as SELECT 1.

Note: You can disable connection validation by setting validationDisabled=true in database_types.conf.

Add the database connection in Manager

After you add the custom database, proceed to "Add or manage a database connection" to setup and manage your database connection.

Install database drivers
Manage a database connection

This documentation applies to the following versions of Splunk® DB Connect: 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2


For more recent oracle jdbc driver, please specify the following jdbcDriverClass <br /><br />jdbcDriverClass = oracle.jdbc.OracleDriver

Luan splunk
July 29, 2014

For more info on testQuery, which can cause "Error getting database connection: Could not create a validated object, cause: ValidateObject failed", see http://splunk-base.splunk.com/answers/71977/

Goldburtd, Splunker
April 18, 2013

To use Splunk DB Connect with Oracle tnsnames.ora first install the jdbc libraries:<br />http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html<br /><br />Copy jars to lib path for jbridge:<br />ex: cp /usr/lib/oracle/11.2/client64/lib/*.jar /opt/splunk/etc/apps/dbx/bin/lib<br /><br />Add entry in /opt/splunk/etc/apps/dbx/local/database_types.conf copied from: /opt/splunk/etc/apps/dbx/default/database_types.conf<br /><br />[oracle_tnsnames]<br />displayName = Oracle TNS Names<br />jdbcDriverClass = oracle.jdbc.driver.OracleDriver<br />connectionUrlFormat = jdbc:oracle:thin:@{2} # {2} is the Database/SID field in the Splunk dbx config screen, host and port field are ignored<br />testQuery = SELECT 1 FROM DUAL<br />defaultCatalogName = oracle<br /><br /><br />Added jvm option for tnsnames.ora location:<br /><br />/opt/splunk/etc/apps/dbx/local/java.conf<br />[java]<br />home = /usr/lib/jvm/java-1.7.0-openjdk-<br />options = -Xmx512m -Dfile.encoding=UTF-8 -server -Duser.language=en -Duser.region= -Doracle.net.tns_admin=/opt/splunk/etc/apps/dbx/local/

January 3, 2013

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters