Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

NOTE - Splunk DB Connect version 1.x reached its End of Life on July 28, 2016. Please see the migration information.
This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Install Splunk DB Connect

This page shows you how to install and configure Splunk DB Connect. It assumes that you have an existing Splunk instance to use as the underlying platform. For information on installing Splunk, refer to "Before you install" in the Splunk Enterprise platform documentation.

Note: Modifying inputs.conf file stanzas outside of the DB Connect app, such as in the search app, or manager context is not supported.

Install the Splunk DB Connect App

The easiest way to install the Splunk DB Connect App is to use Splunk Web, as follows:

1. Download Splunk DB Connect and save it to a temporary location accessible from your Splunk instance.

2. Log into Splunk Web, go to Apps > Manage Apps and click Install app from file.

3. Select the app package splunk-db-connect_<version>.tgz and upload it.

4. When the upload is complete, follow the instructions to restart Splunk.

Upgrade from a previous version

Note: Currently, there is no built-in mechanism to rollback an upgrade, so we strongly recommend making a backup of the $SPLUNK_HOME/etc/apps/dbx directory prior to upgrading.

Upgrading from an earlier version of Splunk DB Connect is similar to installing the app from scratch:

1. Download the latest Splunk DB Connect installation package from Splunk Apps.

2. Log into Splunk Web, go to Apps > Manage Apps and click Install app from file.

3. Browse to the DB Connect installation package (.tgx) that you downloaded to a temporary location, and click Upload. If you are upgrading from an earlier version of the app, check the Upgrade app box. This overwrites the earlier version of the app with the newer version.

4. Click Restart Splunk when prompted; or restart Splunk via the command line, as shown:

./splunk restart

If you encounter problems with this standard upgrade approach, try this upgrade procedure.

Note: After upgrading DB Connect, you might encounter this error creating PersistentValueStore.

Setup Splunk DB Connect

After you install DB Connect and restart Splunk Enterprise, you must complete the following setup tasks:

Enable splunkd SSL

To run DB Connect, you must enable SSL for splunkd.

1. Go to $SPLUNK_HOME/etc/system/local/server.conf.

2. In the [sslConfig] stanza, set enableSplunkdSSL to true, as shown:

[sslConfig]
enableSplunkdSSL = true

Note: splunkd is enabled by default.

Complete the app setup from the UI

1. Go to Apps > Splunk DB Connect.

The Splunk DB Connect Setup page appears.

2. Enter your JAVA_HOME path. This is where your JRE (Java Runtime Environment) resides. For example:

echo $JAVA_HOME 

/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre

3. Click Save.

This enables the Java Bridge Server.

Note: To verify that the Java Bridge Server is running, make sure that the scripted input jbridge_server.py is enabled. See step 3 of Command Line Setup.

Command Line Setup

You can setup DB Connect manually from the command line.

1. Create $SPLUNK_HOME/etc/apps/dbx/local/app.conf

[install]
is_configured = 1

2. Create $SPLUNK_HOME/etc/apps/dbx/local/java.conf

[java]
home = <JAVA_HOME path>

This is the path to your ( JRE) Java Runtime Environment. For example:

home=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre

3. Enable the Java Bridge Server (scripted input) in $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0

4. Create the sink for database inputs in $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf

[batch://$SPLUNK_HOME/var/spool/dbmon/*.dbmonevt]
crcSalt = <SOURCE>
disabled = 0
move_policy = sinkhole
sourcetype = dbmon:spool

5. Restart Splunk

Advanced Setup Options

Use the following information to setup custom configurations for Splunk DB Connect in $SPLUNK_HOME/etc/apps/dbx/local/java.conf

Java Settings

[java]

home = <JAVA_HOME path>

  • Path to your JRE (Java Runtime Environment) directory. Your JAVA_HOME environment variable retrieves this path.

options = <string>

  • Java command line options. These (optional) parameters are called when you start your Java instance. You can specify multiple optional parameters, including:
    • -Xmx: Maximum memory usage. Change the value of this parameter if your Java application requires more or less memory. For example, you can increase the default value (-XMx256m) to a higher value, such as -XMx512m or -Xmx1024m.
    • -Duser.language: Default user language. For example, -Duser.language=en
    • -Dfile.encoding: Default file encoding. For example, -Dfile.encoding=UTF-8
    • -Duser.region: Default region. For example, -Duser.region=US (See Class Locale.)

Important: Incorrect formatting of this field can prevent Splunk DB Connect from starting correctly.

Java Bridge Server

[bridge]

addr = <bind address>

  • The IP address of your Java Bridge Server (typically 127.0.0.1 (localhost)).

port = <bind port>

  • The port of your Java Bridge Server. Default is 17865.
Important: There must not be any firewall rules activated for this port. 

threads = <n>

  • The size of the thread pool for Java Bridge command execution. Determines the number of commands that can run concurrently.

Note: Too many or too few threads can slow performance of the Java Bridge service.

debug = true|false

  • Turns on debugging for the Java Bridge client. When enabled, the Java Bridge logs any debug information in jbridge_client.log.

Important: Enabling debugging can have a negative impact on performance. We do not recommend enabling debugging for the Java Bridge client in a production environment.

Logging settings

  • level: Log severity level for Splunk DB Connect.
  • file: The name of the Splunk DB Connect log file located in $SPLUNK_HOME/var/log/splunk. The default log file name is dbx.log

Database Connection Handling

  • Factory Type
  • Enable connection pooling
  • Cache database and table metadata
  • Preload database configuration

Database Inputs

  • Scheduler Threads
  • Output Type
  • Default timestamp output format

Database Lookups

  • Enable caching of database lookup definitions
  • Cache invalidation timeout

Persistence

  • Global Store type
PREVIOUS
Architecture and performance
  NEXT
Install database drivers

This documentation applies to the following versions of Splunk® DB Connect: 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters