Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

Install database drivers

After you've downloaded and installed Splunk DB Connect, the first step in the DB Connect setup process is installing a Java Database Connectivity (JDBC) database driver.
After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup.

Supported databases

Splunk DB Connect supports the databases listed in the following matrix.
Note:

  • The driver listed in the JDBC driver name/link column is the driver that Splunk has tested with Splunk DB Connect.
  • DB Connect supports and has been tested with Java cryptography standard algorithm, if you need stronger algorithm, you have to install the "JCE Unlimited Strength Jurisdiction Policy Files" - legal restrictions may apply in your country (see Java Security Providers and JCE Download pages for details) and consult to your database vendor's documentation on how to configure it.



Database Minimum database version supported JDBC driver name/link JDBC driver version tested SSL support* Cloud support**
AWS RDS Aurora 5.1.24+ MySQL Connector/J 5.1 Yes Yes
AWS RedShift 9.3.5 RedshiftJDBC41-1.2.1.1001.jar.
Note: Not compatible with RedshiftJDBC42-1.2.1.1001.jar.
1.2 Yes Yes
IBM DB2 for Linux 10.5 DB2 JDBC Driver (JCC4) 4.16 Yes Yes
Informix 12.10 Informix JDBC Driver 3.0 Yes Yes
MemSQL 5.5.8 MySQL Connector/J 5.1 No No
Microsoft SQL Server 11.00.2218 Microsoft JDBC Driver for SQL Server 4.1 and 4.2
(4.2 is recommended)
Yes Yes
jTDS JDBC Driver 1.3 No No
MySQL 5.1.24+ MySQL Connector/J 5.1 Yes Yes
Oracle Database 11g Oracle JDBC driver (ojdbc7.jar) 12.1 Yes Yes
PostgreSQL 9.3.5 JDBC41 PostgreSQL Driver 9.4 Yes Yes
SAP SQL Anywhere
(aka Sybase SA)
16.0.0.1948 Sybase jConnect 7.0 No No
Spark SQL
1.6 Simba JDBC Driver 1.0.2.1004 Yes Yes
Sybase ASE 15.7 Developer’s Edition Sybase jConnect 7.0 No No
Sybase IQ 15.4.0.3019 Sybase jConnect 7.0 No No
Teradata 15.00.00.07 Teradata JDBC Driver (terajdbc4.jar and tdgssconfig.jar) 15.0 No No

* SSL support: This column specifies whether DB Connect tests and supports Secure Sockets Layer (SSL) connections to this database. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.
** Cloud support: This column specifies whether the database is supported for Splunk Cloud. You must enable SSL connection if you want to use DB Connect in a Splunk Cloud deployment.

Other databases

In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. For more information, see Install drivers for other databases.

Install database drivers

Click the link that corresponds to your database:

Notes:
  • In DB Connect 3.0.0, the main JDBC JAR file and the extended JAR files must be installed in different folders. The path for the extended JAR file is $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/<JDBC driver name>-libs. If you are using Spark SQL, or a Teradata or Oracle database, you must move dependent JAR files manually.
  • Your database connection must be set up to return results encoded in UTF-8. Consult your database vendor's documentation for instructions.
  • DB Connect supports sending data that is in a multi-byte character set, such as Traditional Chinese, using a database output. Depending on your database, you may need to change certain settings on the database side to the database to properly receive and store the data. See Enable output to multi-byte character sets.

IBM DB2

IBM DB2 is supported when the database is running on Linux. Splunk doesn't test or support DB2 on AS/400 or Windows.

Note: IBM DB2 is only supported when the database is running on Linux. Splunk doesn't test or support DB Connect with DB2 on AS/400 or on Windows.
If you want to use GSS API security mechanisms in IBM DB2, download Java Cryptography Extension (JCE) Policy to your $JRE_Installation_Path/jre/lib/security and set the encryptionAlgorithm parameter of JDBC URL as

jdbcUrlFormat = jdbc:db2://<host>:<port>/<database>:securityMechanism=9;encryptionAlgorithm=2;

Follow these instructions to install the DB2 JDBC Driver:

  1. Go to DB2 JDBC Driver Versions and Downloads on the IBM website, and click the link for the latest DB2 Version 10.5 driver.
  2. Click the Download link for the IBM Data Server Driver for JDBC and SQLJ (JCC Driver).
  3. Select the newest fix pack, and then click Continue. You will need to log in with your IBM ID, or create one if you don't already have one.
  4. Click the Download using your browser (HTTPS) radio button, and then Continue.
  5. Right-click the file name, and then save it to your hard disk.
  6. Expand the downloaded file, and then expand the db2_db2driver_for_jdbc_sqlj.zip file.
  7. Copy or move the db2jcc4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  8. Reload the driver under Settings>Drivers.

For additional information, see the Installing and Connecting to Clients documentation on the IBM website.

AWS RDS Aurora, MemSQL, or MySQL

Follow these instructions to install MySQL Connector/J for AWS RDS Aurora, MemSQL, or MySQL databases:

  1. Download the MySQL Connector/J driver, version 5.1.24 or later (mysql-connector-java-*-bin.jar).
  2. Download and uncompress either ZIP or TAR archive files. The uncompressed archive contains the JDBC driver (.jar).
  3. Copy the mysql-connector-java-version-bin.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
  4. Reload the driver under Settings>Drivers

Microsoft SQL Server

You have several options for connecting to a Microsoft SQL Server. Start by determining:

  • Which operating system (Windows or Linux) is running Splunk DB Connect.
  • Which driver you want to use.
  • How your database server authenticates your connection.

See Legends below the table for more detailed explanation.

Follow this table from left to right, choosing the options that correspond to your Microsoft SQL Server environment. For more information about the meaning of each column, see the legend that follows the table.

Operating System* Driver** Authentication*** How to install driver
Windows MS Generic SQL Authentication Install the SQL Server database driver using SQL server authentication
Windows Authentication Install the SQL Server using MS Generic driver with Windows authentication
jTDS SQL authentication Install the SQL Server database driver using SQL server authentication
Windows authentication Install the SQL Server using jTDS driver with Windows Authentication
Linux MS Generic SQL authentication Install the SQL Server database driver using SQL server authentication
Kerberos authentication Install the SQL Server database driver using the MS Generic driver with Kerberos authentication
jTDS SQL authentication Install the SQL Server database driver using SQL server authentication
Windows authentication Install the SQL Server using jTDS driver with Windows Authentication

Legend

* Operating System: The operating system on which DB Connect is running. DB Connect is supported on both Linux and Windows Server.
** Driver: The JDBC driver that DB Connect will use to connect to your database:
*** Authentication: The type of service account that DB Connect will use to connect to your database:
  • SQL Authentication: Log into SQL Server as a SQL Server user. This option assumes you will create an identity that uses a username and password that is defined on the database.
  • Windows Authentication: Log into SQL Server as a Microsoft Integrated Windows Authentication user ("domain user"). This assumes that you are creating an identity that uses a domain, user name, and password to connect to the database, and that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.
  • Kerberos Authentication: DB Connect uses a Kerberos client (Linux) to negotiate an authentication ticket with the Active Directory environment directly. This assumes that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.

Install the SQL Server database driver using a SQL server authentication

If you will log onto your SQL Server database using a SQL Server user name and password (non-domain attached), follow these instructions:

Install the SQL server database driver

  1. Download the appropriate JDBC driver for SQL Server:
    • For the Microsoft JDBC Driver for SQL Server (the "MS Generic Driver"), go to the Microsoft JDBC Drivers for SQL Server download page and click Download. On the Choose the download you want page, select the checkboxes next to the appropriate download: sqljdbc_4.2.8112.100_enu.tar.gz for Linux; sqljdbc_4.2.8112.100_enu.exe for Windows. Be sure to download version 4.2 of the driver, and then click Next. Expand the downloaded file.
    • For the open source jTDS driver, download the driver from the jTDS Project.
  2. Move the driver file to the correct location:
    • For the MS Generic Driver, from inside the sqljdbc_4.2 directory, copy or move the sqljdbc42.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
    • If you will need to use a database service account on Windows with the Generic driver, you will also need to install the JDBC Auth library:
      1. From the Microsoft JDBC Driver 4.2 for SQL Server download, locate the sqljdbc_auth.dll file. This file is at the following path, where <region_code> is the three-letter region code (for example, enu for U.S. English), and <architecture> is the processor type (x86 or x64): Microsoft JDBC Driver 4.2 for SQL Server\sqljdbc_4.2\<region_code>\auth\<architecture>\sqljdbc_auth.dll
      2. Copy the sqljdbc_auth.dll file to C:\Windows\System32 on your Splunk Enterprise server.
      3. From the Windows Control Panel, go to Services, and then get properties on Splunk Service.
      4. Click the Log On tab, and then change the Log on as setting from the Local System account to that of the logged on domain user.
        Note: The domain user should have sufficient privileges to access the SQL Server instance.
      5. Save your changes, and then restart the Splunk Enterprise server for the changes to take effect.
    • For the jTDS driver, copy the .jar file you downloaded to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).

When you create a connection to this database in DB Connect, be sure to choose either MS-SQL Server Using MS Generic Driver or MS-SQL Server Using jTDS Driver, depending on your driver, from the Connection Types popup menu.

Install the SQL Server using jTDS driver with Windows Authentication

If you will log onto your SQL Server database as a Microsoft Integrated Windows Authentication user ("domain user"), follow these instructions. These instructions assume that you are creating an identity that uses a domain, user name, and password to connect to the database, and that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.

Note: These instructions apply whether DB Connect is running on Linux or Windows.
  1. See the instructions on how to Install the appropriate JDBC driver for SQL Server and move the driver to the correct location
  2. When you set up a new identity for this database, be sure to select the checkbox labeled Use Windows Authentication Domain? Then, in the Windows Authentication Domain that appears, type the name of your domain.
  3. When you create a connection to this database, be sure to choose MS-SQL Server Using jTDS Driver With Windows Authentication from the Connection Types popup menu.

Install the SQL Server using MS Generic driver with Windows authentication

If you’re running DB Connect on Windows, you can connect to a Microsoft SQL Server with a Windows domain and user name by using the Microsoft generic driver and enabling the Splunk Enterprise service to run as the logged on domain user:

  1. See the instructions on how to Install the appropriate JDBC driver for SQL Server and move the driver to the correct location
  2. From the Windows Control Panel, go to Services, and then get properties on Splunk Service.
  3. Click the Log On tab, and then change the Log on as setting from the Local System account to that of the logged on domain user.
    Note: The domain user should have sufficient privileges to access the SQL Server instance.
  4. Save your changes, and then restart the Windows machine running DB Connect for the changes to take effect.
  5. When you set up a new identity for this database, be sure to select the checkbox labeled Use Windows Authentication Domain? Then, in the Windows Authentication Domain that appears, type the name of your domain.
  6. When you create a connection to this database, be sure to choose either MS-SQL Server Using MS Generic Driver With Windows Authentication from the Connection Types popup menu.

Install the SQL Server database driver using the MS Generic driver with Kerberos authentication

If you’re running DB Connect on Linux, you can connect to a Microsoft SQL Server using a Windows domain and user name by enabling Kerberos authentication.

Before starting the following procedure:

  1. See the instructions on how to Install the appropriate JDBC driver for SQL Server and move the driver to the correct location
  2. Enable Kerberos on the Microsoft SQL Server.
  3. Now complete the following steps to enable DB Connect to use Kerberos authentication to connect to your SQL Server database:

    1. First, get the domain name:
      1. Log onto the Windows server that is running your SQL Server database.
      2. At the command line, run systeminfo, and then copy down the domain name (next to the Domain: label).
    2. Next, get the Kerberos Distribution Center (KDC) information:
      1. From the command line, run the following, replacing <domain> with the domain name you copied in the previous step:
        nltest /DSGETDC:<domain>
      2. Copy down the name of the domain controller, which is next to the DC: label. This is the KDC host name.
    3. Back on the machine running DB Connect, use the kinit command to generate a krb5.conf file, which Kerberos will use to authenticate with the SQL Server for DB Connect.
      1. First, install kinit by entering the following at the command line:
        apt-get install krb5-user
        If you are prompted to enter a realm, enter the domain name you obtained in Step 1, but in all upper-case letters. For example, if your domain is abc.dbx, you’d enter ABC.DBX.
      2. Next, use kinit to initialize the Kerberos ticket cache. Enter the following at the command line, replacing <username> with the appropriate user name (such as Administrator) and <DOMAIN> with the domain name, in upper-case letters:
        kinit <username>@<DOMAIN>

        The krb5.conf has been generated in the /etc directory.

        Note: If the krb5.conf file is not in the /etc directory, set the following option in JVM Options under the Settings tab: -Djava.security.krb5.conf=/path/to/krb5.conf
    4. Create an identity in DB Connect.
      1. Select New Identity under Explorer > Identities.
      2. Enter Identity Name, Username, Password, and then click save.
        • Username: Enter the username of your Kerberos account. If you donot select Use Windows Authentication Domain?, you have to append @<DOMAIN> at the end of the username, e.g. Administrator@<DOMAIN>
        • Password and Confirm Password: Enter the password of your Kerberos account.
        • Use Windows Authentication Domain?: If you select it, you have to enter the <DOMAIN> in Windows Authentication Domain field, then you donot have to append @<DOMAIN> at the end of the Username.
        Note: You can add multiple identities if you need to use the different users to do the Kerberos authentication.
    5. Finally, create a new connection in DB Connect as you normally would, keeping in mind the following:
      • Database Types: Be sure to choose MS-SQL Server Using MS Generic Driver with Kerberos Authentication from the popup menu.
      • JDBC URL Format: Once you’ve entered all the necessary connection information, add the following to the JDBC URL string to enable DB Connect to use the Kerberos authentication you just set up:
        • integratedSecurity=true
        • authenticationScheme=javaKerberos

      After you’re finished, the field should contain the following:

      jdbc:sqlserver://<host>:<port>;databaseName=<database>;selectMethod=cursor;integratedSecurity=true;authenticationScheme=javaKerberos
Note: To debug Kerberos authentication, set the following option in JVM Options under the Settings tab: -Dsun.security.krb5.debug=true

Multiple SQL Server instances

If you have multiple instances of Microsoft SQL Server installed on your server, you will need to edit the JDBC connection string to add a parameter that explicitly references the instance you want to contact.

  1. Follow the instructions in "Override db_connection_types.conf" to make a copy of the db_connection_types.conf file in the local directory and copy the stanza for the Microsoft SQL Server driver you're using into the file.
  2. Edit the jdbcUrlFormat or jdbcUrlSSLFormat (if you're connecting using SSL) setting by appending it with the following: ;instanceName=
  3. Set the instanceName parameter to the name of the instance you want to connect to. For example:
    jdbc:sqlserver://dbx-sqlserver.mydomain.com:1433;databaseName=master;instanceName=test
  4. Save and close the file, and then Reload the driver under Settings>Drivers

After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup. If you've already set up DB Connect and are adding a new database, click Settings in the top navigation bar and then the Driver tab to view the driver status. If you have trouble, see "Troubleshoot driver connections."

Sybase ASE, SAP/Sybase SA, and SAP/Sybase IQ

Follow these instructions to download and install the jConnect for JDBC driver for Sybase Adaptive Server Enterprise (ASE), SAP/Sybase SQL Anywhere, and SAP/Sybase IQ:

  1. Go to the SAP software downloads page and log in.
  2. Search for and download the jConnect package.
  3. Expand the file you just downloaded and locate the jconn4.jar file inside the classes directory.
  4. Copy or move the jconn4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
  5. Reload the driver under Settings>Drivers.

Though you can also install the open source jTDS driver to connect to Sybase Adaptive Server Enterprise (ASE), the jTDS driver should not be used in production deployments of DB Connect.

Spark SQL

Your Spark instance must be running the Thrift JDBC/ODBC service before Splunk will be able to connect to it. Follow these instructions to install the Simba Spark JDBC driver:

Note: SparkSQL support requires Thrift server setup for JDBC http://spark.apache.org/docs/latest/sql-programming-guide.html#running-the-thrift-jdbcodbc-server

  1. Go to the Spark JDBC Driver page on the Simba website.
  2. Click and download the ZIP file for the latest version of the driver. You can download for 30 days free trial or purchase it.
  3. Expand the Simba_Spark_JDBC_Desktop.zip file you just downloaded. There are two zip file in the Simba_Spark_JDBC_Desktop.zip folder, expand SimbaRTU_SparkJDBC41_Client_1.0.2.1004.zip.
  4. Copy all the SparkJDBC41.jar file to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and the other .jar files under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/SparkJDBC41-libs.
  5. Copy your Spark JDBC driver license file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  6. Save and restart RPC server under Settings > General Settings.

Teradata

Follow these instructions to install the Teradata JDBC Driver:

  1. Go to the Teradata JDBC Driver page on the Teradata website.
  2. Click the link to download the ZIP or TAR file for the latest version of the driver. You need to log in with your Teradata user account.
  3. Expand the file you just downloaded.
  4. From inside the TeraJDBC_... directory, copy or move the two .JAR files (terajdbc4.jar to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and tdgssconfig.jar to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/terajdbc4-libs) directory.
  5. Reload the driver under Settings>Drivers.

For more information, including how to use the tdgssconfig.jar file, see the readme.txt file inside the TeraJDBC_... directory, or the Teradata JDBC Driver Reference.

Oracle

Follow these instructions to install the Oracle JDBC Driver:

  1. Go to the Oracle JDBC Driver Downloads page.
  2. After you have downloaded the correct driver for your database, copy the .JAR driver file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
    Note: If you want to use ojdbc7 to parse XML data type, he needs add xmlparserv2.jar as a dependency
  3. Reload the driver under Settings>Drivers.

Connect to Oracle using SSL

You can connect to an Oracle database using Secure Sockets Layer (SSL) 3.0 (TLS) in three ways:

  • Without using SSL authentication: Neither client (DB Connect) nor server verifies each other’s certificate authority (CA).
  • Using one-way SSL authentication: The client verifies the server’s CA.
  • Using two-way SSL authentication: Both client and server verify each other’s CA.

If you are using one-way or two-way authentication, you will need to have set up an Oracle wallet on the server. Oracle wallets store credentials for connecting to Oracle databases. An Oracle wallet is not required on the client if you’re not using SSL authentication.

The basic steps for setting up one of these SSL connections are:

  1. Configure Oracle wallets:
    1. Create and configure a server wallet.
    2. Create and configure a client wallet.
    3. Enable the auto-login feature.
  2. Enable SSL and configure settings on the Oracle database server:
    1. Set the server’s auto-login Oracle wallet location in the sqlnet.ora and listener.ora files.
  3. Configure DB Connect:
    1. Copy JDBC drivers to the appropriate DB Connect directory.
    2. Create a database connection using the correct JDBC URL.
    3. Specify the wallet location in your connection’s stanza within the db_connections.conf file.

Configure Oracle wallets

First, create and configure standard wallets for both the server and client using Oracle Wallet Manager, and enable the auto-login feature. Do one of the following:

Make a note of the location of your Oracle wallets, particularly if you changed the default location.

After following the appropriate set of Oracle instructions, you will have created your Oracle wallets, imported the appropriate certificates into your wallets, and set the auto-login feature for your wallets. Be sure that, if you are setting up either one-way or two-way authentication, you have a wallet on both the DB Connect machine and the Oracle server. The DB Connect machine’s wallet should contain the server wallet’s CA.

Enable SSL and configure settings on the Oracle database server

Next, enable and configure SSL on the Oracle database server by adding the path to your server wallet to the sqlnet.ora and listener.ora files:

  1. On your Oracle database server, navigate to the .../network/admin directory. For example: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin
  2. Edit the sqlnet.ora file and add the following, changing the DIRECTORY path to the path to the server wallet:
    WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path/))) 
  3. In the same file, set SSL_CLIENT_AUTHENTICATION to FALSE if you’re either connecting with no SSL authentication or with one-way SSL authentication. Set SSL_CLIENT_AUTHENTICATION to TRUE if you’re connecting with two-way SSL authentication. For more information, see Configuring Secure Sockets Layer Authentication in the Oracle Database Advanced Security Administrator's Guide.
  4. In the same directory, edit the listener.ora file. Add the same wallet location and set SSL_CLIENT_AUTHENTICATION in the same way.
  5. Save and close both files.

Set up the SSL connection using a cipher suite:

  • For no SSL authentication, use an anonymous Diffie-Hellman key exchange.
  • For one-way or two-way SSL authentication, use a cipher suite like RSA or standard DH.

Configure DB Connect and enable an SSL connection on the client

Now, configure DB Connect. Start by copying the JDBC drivers to the appropriate DB Connect directory:

  1. On the Oracle server, navigate to $ORACLE_HOME/jlib.
  2. Using your network or removable media, copy ojdbc6.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts) on the machine running DB Connect, and then copy the following .jar files under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ojdbc6-libs directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers\ojdbc6-libs on Windows hosts)
    • oraclepki.jar
    • ojpse.jar
    • osdt_cert.jar
    • osdt_core.jar

Next, set up a new identity, and then a new connection:

  1. Follow the instructions in Create and manage database connections to set up a new connection.
  2. Use your server information to set up the connection, and be sure to select the Enable SSL checkbox.
  3. When you get to the JDBC URL Format field, click the “Click here” link beneath the field to edit the JDBC URL.
  4. In the JDBC URL Format field, paste the following:
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername )(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))
  5. Save the connection.
  6. Go to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local, and edit the db_connections.conf file.
  7. Find the connection stanza with the name you gave it, and edit the connection_properties argument.
    Here is an example:
    connection_properties = {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}
    Note: connection_properties is in JSON format, it represents JDBC connection properties. The properties you defined here need to be consistent with what you configured in Database. See JDBC with Oracle 12c Database for more information.
  8. Save and close the db_connections.conf file.

AWS RedShift, Informix, and PostgreSQL

For all other supported databases, follow these instructions:

  1. Download your JDBC database driver:
    • If you don't already have a JDBC driver for your database, see the supported database matrix and click the link for your database. Download the JAR driver file for your database.
    • If you already have a JDBC driver for your database, or you are using a different driver from what is listed in the supported database matrix, locate the .JAR driver file.
  2. After you have downloaded the correct driver for your database, copy the .JAR driver file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
  3. Reload the driver under Settings>Drivers.

Install drivers for other databases

You can add custom support to Splunk DB Connect for any database that has a JDBC driver, even if it doesn't appear in the supported database matrix.

Notes:
  • Connecting to a database that is not listed in the supported database matrix is not supported by Splunk Support.
  • At a minimum, Splunk DB Connect supports querying custom database connections. For some custom database connections, certain query-related features may not work.

Installing a custom database is a multi-step process:

  1. Download and install the JDBC driver file.
  2. Add the custom database to db_connection_types.conf.
  3. Troubleshoot or disable connection validation, if necessary.

Download and install the JDBC driver file

Download the JDBC driver for the database you want to add, and copy the .JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).

Add the custom database to db_connection_types.conf

When you add a custom database connection that Splunk DB Connect does not support by default, you must create a stanza to define the database connection in a copy of db_connection_types.conf under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts), for example

 displayName = $your database name$
 serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
 jdbcDriverClass = $JDBC driver class$
 jdbcUrlFormat = $JDBC URI Format$
 ui_default_catalog = $database$

For more information, see Configuration file reference.

Database connection validation

Each time DB Connect uses a database connection, it tries to validate that the database connection is actually working. If validation fails, you might see an error message, such as "ValidateObject failed".

DB Connect uses these two methods to validate a connection:

  1. If a testQuery is specified in db_connection_types.conf, DB Connect executes that query, and receives a response that validates that the connection is working.
  2. If testQuery is not specified, DB Connect uses the Java method connection.isValid(), and relies on the JDBC driver to answer. Some JDBC drivers do not implement this API call. (For instance, Apache Derby was built against Java 1.5, where JDBC doesn't have the method isValid.) The workaround is to specify a manual testQuery, such as SELECT 1.

After you add the custom database driver, continue with either the single server or distributed deployment instructions.

Enable SSL for your database connection

DB Connect has built-in support for connecting via SSL to several supported databases. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.

If you want to deploy DB Connect in Splunk Cloud. You must enable SSL connection for your database. See supported database matrix for the database supported for cloud deployment.

DB Connect will detect whether it supports SSL for your database type,

  • If DB Connect supports SSL connections for your database type, enabling an SSL connection is easy. When you create a new database connection, select the Enable SSL checkbox.
  • If DB Connect does not natively support SSL for your database type, you cannot select the Enable SSL checkbox in connection settings, it is grey out. However, you can add in SSL support by selecting Edit JDBC URL and editing the URL. Be aware that Splunk cannot certify that databases for which DB Connect does not have native support for SSL will connect via SSL correctly. Splunk Support will not help you troubleshoot such connections.

Use a different default driver for your database

You can change the driver that DB Connect uses for your database type. This can be useful if you want to use a custom driver to connect to your database. To change the driver, you edit the db_connection_types.conf file.

First, get the JDBC driver vendor's Java driver class name. For example, the class name of the Microsoft JDBC Driver for SQL Server is com.microsoft.sqlserver.jdbc.SQLServerDriver. Once you've found the correct Java class name, do the following:

  1. Using a text editor, open the db_connection_types.conf from within $SPLUNK_HOME/etc/apps/splunk_app_db_connect/default/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\default on Windows hosts).
  2. Find the stanza for the database type for which you want to configure a custom driver, select it, and then type Ctrl-C or Command-C to copy it.
  3. Create a new db_connection_types.conf file (if one doesn't already exist) in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts). If the file is a new file, open it and type [local] and then two new lines.
  4. Paste in the database stanza you copied from the default db_connection_types.conf file.
  5. Change the entry next to jdbcDriverClass to match the Java class name for your custom driver.
  6. If you want to retain the ability to choose the original database driver, change the name of the stanza and update the displayName attribute to differentiate it from the original driver.
  7. Restart Splunk Enterprise.
PREVIOUS
Migrate DB Connect deployment to DB Connect 3
  NEXT
Single server deployment

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2


Comments

Hi Arandriamanohisoa
Confirmed with the developer, Sqljdbc42 is recommended for Java 8. I've updated the topic.
Thanks for your comments.

Rwang splunk, Splunker
March 13, 2017

You guys recommend using sqljdbc41.jar for the generic MS SQL driver, but Microsoft recommends using sqljdbc42.jar for Java 8. The below is from their JDBC download page (https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=11774)

Version support for Java Runtime Environments (JRE) and the associated JDBC API versions are determined by the included JAR files as follows:
• Sqljdbc41.jar requires a JRE of 7 and supports the JDBC 4.1 API
• Sqljdbc42.jar requires a JRE of 8 and supports the JDBC 4.2 API

Arandriamanohisoa
March 9, 2017

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters