Splunk® DB Connect

Deploy and Use Splunk DB Connect

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

About Splunk DB Connect

Splunk DB Connect 3 enables you to combine your structured data from databases with your unstructured machine data, and then use Splunk Enterprise to provide insights into all of that combined data.

When you use Splunk DB Connect, you are creating additional data inputs for Splunk Enterprise. That is, you're giving Splunk Enterprise more sources of data to consume. Splunk DB Connect is what connects your relational database data to Splunk Enterprise and makes that data consumable by Splunk Enterprise. In addition, Splunk DB Connect can do the reverse—write Splunk Enterprise data back to your relational database.

For more information about how DB Connect works, see How Splunk DB Connect works.

What DB Connect can do

Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.

DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.

DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.

Who DB Connect is for

Splunk DB Connect is great for users who:

  • Want to quickly get data from a database into Splunk Enterprise.
  • Want to perform on-the-fly lookups from data warehouses or state tables within Splunk Enterprise.
  • Want to index structured data stored in databases in streams or batches using Splunk Enterprise.
  • Want to write Splunk Enterprise data into databases in streams or batches.
  • Want to preview data and validate settings such as locale and time zone, rising column and metadata choice, and so on before indexing begins, to prevent accidental duplication or other problems later on.
  • Want to scale, distribute, and monitor database read-write jobs to prevent overload and be notified of failure.
  • Want to know what databases are accessible to which Splunk Enterprise users, to prevent unauthorized access.
Last modified on 19 February, 2017
  NEXT
What's new in Splunk DB Connect

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters