Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Installation and setup overview

This topic provides an overview of how to install and set up Splunk DB Connect.

Installation and setup overview

To deploy Splunk DB Connect on either a single instance of Splunk Enterprise or on a search head in a distributed deployment, you must have:

Once the prerequisites are in place, you can start the DB Connect installation process:

  1. Download and install the DB Connect add-on.
  2. Install a JDBC driver for your database. See Install database drivers.
  3. After installing DB Connect and restarting Splunk Enterprise, launch DB Connect.
  4. Create a database identity and set up a database connection.
  5. Create a new database input and use it as a data input in a Splunk Enterprise search.

For distributed deployments, there are further instructions for deploying the distributed deployment.

Deploy DB Connect to Splunk Cloud

If you want to deploy DB Connect to Splunk Cloud, contact Splunk Support for guidance and assistance. You cannot deploy DB Connect yourself because you cannot configure network access to databases on your Splunk Cloud instance. See Install an add-on in Splunk Cloud for details.

Upgrade an existing DB Connect deployment

Click the Update button and follow the wizard to upgrade your DB Connect using Splunk web, or you can download the package and install the DB Connect.

There are some known limitations on upgrading DB Connect on certain circumstances, please review the following list before upgrading.

  1. If you are running DB Connect on Windows platform and want to upgrade to the higher version. You need to:
    1. Disable DB Connect before upgrading
    2. Upgrade DB Connect and restart Splunk platform.
    3. Enable DB Connect after upgrade
  2. From version 3.1.0, DB Connect uses dbx_settings.py instead of settings.py to configure the task server related settings. If you are using Splunk DB Connect 3 (version 3.0.0, 3.0.1, 3.0.2 etc) and want to upgrade to DB Connect 3.1.0 and later. You have to remove settings.py and any related files such as settings.pyo, settings.pyc from $SPLUNK_HOME/etc/apps/splunk_app_db_connect/bin manually after upgrading DB Connect.
  3. If you are using DB Connect (version prior to 3.0.0) and want to upgrade to DB Connect 3, see Migrate DB Connect deployment to DB Connect 3.
  4. If you want to migrate DB Connect in Splunk Cloud, contact Splunk Support. Do not upgrade from previous versions yourself because you cannot migrate configuration files on your Splunk Cloud instance.
Architecture and performance considerations
Migrate DB Connect deployment to DB Connect 3.0.0

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1


Hi Cdoebert,
Thanks for your comment. I have reached out to our engineering team to investigate how better to perform an upgrade to a newer version without causing problems. We will circle back here with any improvements to the process.

Jrevell splunk, Splunker
October 19, 2017

Why is the app not disabled as part of the upgrade?

If you don't disable the app before trying to upgrade, not only does the upgrade fail, but it hoses the entire app up to the point that it doesn't run AND you can't disable it to allow the upgrade to finish, forcing a manual uninstall and reinstall.

October 6, 2017

Hi Tyler
Thanks for providing the additional information. OpenJDK is not supported in DB Connect

Rwang splunk, Splunker
March 12, 2017

The following command will find the java_homes you have installed and then tell you what version they are:
find /usr/ -name java -type f -print -exec {} \-version \;

"Java HotSpot..." = good
"OpenJDK..." = bad

Tmuth splunk, Splunker
March 9, 2017

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters