Splunk® DB Connect

Deploy and Use Splunk DB Connect

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk® DB Connect. Click here for the latest version.
Acrobat logo Download topic as PDF

Single server deployment

This topic shows you how to install and configure Splunk® DB Connect on a single instance (the indexer and Splunk Web both running on the same system). Ensure you meet all prerequisites before installing.

Install the Splunk DB Connect

To install Splunk DB Connect, use Splunk Web:

  1. Log in to Splunk Web and go to Apps > Find More Apps.
  2. Use the search box to find db connect.
  3. Click the green Install button next to Splunk DB Connect.
  4. Click Restart Splunk.

You can also download the app package from Splunkbase and then install it offline:

  1. Download Splunk DB Connect and save it to a temporary location that you can access from your Splunk Enterprise instance.
  2. Log in to Splunk Web, go to Apps > Manage Apps, then click Install app from file.
  3. Navigate to the package that you downloaded—splunk_app_db_connect-<version>.tgz—and click Upload.
  4. Click Restart Splunk.

You can also install DB Connect by copying its directory into your Splunk Enterprise apps directory:

  1. Download Splunk DB Connect and save it to a temporary location that you can access from your Splunk Enterprise instance.
  2. Un-tar the download.
  3. Move the splunk_app_db_connect directory into $SPLUNK_HOME/etc/apps.
  4. Restart Splunk Enterprise.

Install database drivers

Before setting up Splunk DB Connect, install a JDBC driver for your database. See Install database drivers. You can proceed without having first installed database drivers, but you need to do so before you can use DB Connect to connect to your database.

Set up Splunk DB Connect

Before you can start using Splunk DB Connect, you need to set it up.

When you open Splunk DB Connect for the first time, you see the following screen:


Click Setup to access the general settings page. See General Settings for more detailed instruction on how to configure the settings of this page.

Note: When you install Splunk DB Connect and enable SSL for the RPC server, DB Connect generates an RPC server SSL certificate with a validity period of two years at $SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/default.jks. Periodically check the validity of the certificate by running the following command:

$JRE_Installation_Path/bin/keytool -list -v -keystore $SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/default.jks

To renew the certificate, delete the default.jks file just before or after it is set to expire. DB Connect regenerates the certificate.

Last modified on 29 June, 2017
Install database drivers
Distributed deployment

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters