Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Create and manage identities

An identity object contains database credentials. It is comprised of the username and obfuscated password that Splunk DB Connect uses to access your database.

Dbx-connection ident.png

Be aware that these are database credentials, and are not the same as your Splunk Enterprise credentials. When you configure an identity, you use the Splunk Enterprise role-based access control system to define access to the identity.

Create an identity

To create an identity:

  1. From within Splunk DB Connect, click the Explorer tab.
  2. Click the Identities node in the tree-view control.
  3. Click New Identity. The New Identity screen appears. Dbx21 newidentity.png
  4. Complete the following fields:
    • Identity Name
    • Username: Enter the name of the database user you want to connect as.
      Note: Ensure that the database user has sufficient access to the data you want to search. For example, you might create a database user account whose access is limited to just the data you want Splunk Enterprise to consume.
    • Password: Enter the password for the user you entered in the Username field.
      Note: Your password is encrypted. This field is required for DB Connect to connect to your database.
    • Confirm Password: Enter the password again.
    • Use Windows Authentication Domain: This setting is for identities that connect to Microsoft SQL Server databases. Enable this setting if you need to specify a Windows Authentication Domain.
    • Windows Authentication Domain: If you selected the Use Windows Authentication Domain checkbox, enter the domain in this field. For more information about connecting to Microsoft SQL Server databases using Windows Authentication, see "Microsoft SQL Server."
  5. In the Permissions table, update the Splunk Enterprise permissions for this identity. For more information, see Permissions.
  6. Click Save.

Edit Identities

To see a list of the defined identities, first click the Explorer tab. To see a list of all identities, expand the Identities node in the tree-view control.

Note: You can restrict which identities appear here for different Splunk Enterprise roles by assigning permissions. For more information, see Permissions.

To edit an identity, click its name. You can edit the following attributes of an identity, except where noted:

  • Status: Disable an identity by clicking Disable here. You cannot disable an identity if any inputs, outputs, or lookups are using it. In that case, this button is greyed out.
  • Identity Name: Not editable. To change the name of an identity, clone it, give the clone the name you want, and then delete the original identity.
  • Username
  • Password
  • Use Windows Authentication Domain? checkbox
  • Windows Authentication Domain
  • Assigned Connections: A list of the connections that use this identity. You cannot edit this list. Instead, change the identity to use with a connection by editing the connection. While an identity can be used by several connections, each connection can only be assigned a single identity.
  • Permissions: Specify the Splunk Enterprise roles that have read, read-write, or no access to the identity. For more information, see Permissions.


The Permissions table is where you specify the Splunk Enterprise roles that have read, read-write, or no permissions to the identity. Read access means that Splunk Enterprise roles will be able to use the identity. Read-write access means that Splunk Enterprise roles will be able to use and modify the identity. By default, the Splunk Enterprise "admin" and "db_connect_admin" roles have read-write access to a new identity, the "db_connect_user" role has read access, and all other roles have no access.

Configure security and access controls
Create and manage database connections

This documentation applies to the following versions of Splunk® DB Connect: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 2.4.1

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters