Set up search head pooling
- Note: The search head pooling feature has been deprecated as of Splunk Enterprise version 6.2. This means that although it continues to function, it might be removed in a future version.
If you're using search head pooling with Splunk DB Connect, you must run the
dbx_shpinst.py script against each search head for each database connection to ensure that the database password is encrypted with the Splunk secret key for that particular search head.
While you can install and configure Splunk DB Connect on a single search head, in a pooling environment, the app state is written to shared storage and is visible to all search heads.
In addition, the Java Server Bridge will work only on the search head on which the database connection is configured (because the password is encrypted with that particular search head's secret key).
To make the Java Bridge Server work on all search heads, you must run the
dbx_shpinst.py script against each search head and each database connection. See example below.
Set up search head pooling for Splunk DB Connect
These instructions assume you have already created a search head pooling environment. If you have not yet done so, see Create a search head pool for complete instructions.
To setup search head pooling for Splunk DB Connect:
On each search head:
- Install JRE in the same location. The java path must be the same on each search head. (To see if your database requires JDBC driver installation, see Install database drivers.)
- Make sure the Java Bridge Server port is open in
On any search head:
- Install and configure the Splunk DB Connect app. This includes creating a database connection for each database. For instructions on how to install apps in a search head pooling environment, see Create a search head pool. Note: The database connection name will be the same on each search head.
- Run the
dbx_shpinst.pyscript against each search head, as follows:
./splunk cmd python <path_to_shared_storage>/etc/apps/dbx/bin/dbx_shpinst.py <searchHeadHost>:<searchHeadHostPort> --user <userName> --targetuser <targetUserName> --db <databaseName> splunk password: database password:
userName must belong to the Admin role and
targetUserName must have permission to access
admin, you don't need to specify
--targetuser is the Splunk user (not database user) under whose context a database configuration is stored. By default,
--targetuser is "nobody." Specify
--targetuser only if you need to locate a db configuration that is stored in a specific Splunk user context. For example:
./splunk cmd python <path_to_shared_storage>/etc/apps/dbx/bin/dbx_shpinst.py localhost:8089 --user julian --targetuser admin --db oracle splunk password: database password:
Note: You must rerun the
dbx_shpinst.py script against each search head for every subsequent database password change.
This example shows you how to setup search head pooling for a Splunk DB Connect deployment that includes 3 search heads and 2 database connections.
First, we setup search head pooling for our 3 search heads, as shown in Create a search head pool.
Next, we create 2 database connections on search head 1. The other two search heads pick up the database configuration from shared storage used by search head pooling.
Here we see the configuration of each database connection in
[MSSQL] database = dbxtest host = 10.75.0.50 password = enc:CDr9SiQKgXhss4JDRxb7vQ== readonly = 1 type = mssql username = sa [mysql] database = orders host = 10.75.0.50 password = enc:pDWbcIFP7iPt11cDHMe9Zw== port = 9408 readonly = 1 type = mysql username = mktadmin disabled = 0
Complete the following tasks on each search head where the DB Connect app will be used to connect to the above databases:
1. Execute the
dbx_shpinst.py script from search head
$SPLUNK_HOME/bin, as shown:
./splunk cmd python /<path_to_shared_storage>/etc/apps/dbx/bin/dbx_shpinst.py <searchHeadHost>:<searchHeadHostPort> --user <userName> --db <databaseName>
./splunk cmd python /<path_to_shared_storage>/etc/apps/dbx/bin/dbx_shpinst.py splunksh01:8089 --user admin --db MSSQL
You will then be prompted to enter passwords for
splunk user (--user) and
dbx_shpinst.py has successfully executed, the following message appears:
Password at <searchHeadHost> set successfully.
Note: You must repeat step 1 on each search head for each database connection.
2. Verify that a
distributed.conf file has been created under the search pool location
After repeating step 1 for all 3 search heads and 2 database connections, our
/<path_to_shared_storage>/etc/apps/dbx/local/distributed.conf should look like this:
[MSSQL@splunksh01] password = enc:CDr9SiQKgXhss4JDRxb7vQ== readonly = 1 [MSSQL@splunksh02] password = enc:pDWbcIFP7iPt11cDHMe9Zw== readonly = 1 [MSSQL@splunksh03] password = enc:WE44Q8qoC8Lm8roTDE5SvQ== readonly = 1 [mysql@splunksh01] password = enc:QOcS2rA2GcfSjq+3HoHtTw== readonly = 1 [mysql@splunksh02] password = enc:EnYgSEcf+dfskTOSlcAzWw== readonly = 1 [mysql@splunksh03] password = enc:RbQQeXTUPYYL/FBHPMCBjQ== readonly = 1
distributed.conf file will be used by the db connect instances on the search heads to decrypt the database connection passwords. Since each search uses its own secret key, the password strings should be different.
Security and access controls
Use database search commands
This documentation applies to the following versions of Splunk® DB Connect: 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2