Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

System requirements

Before you install this version of Splunk DB Connect, your environment must meet the requirements listed in this topic.

Splunk platform requirements

  • This version of Splunk DB Connect is compatible with Splunk Platform versions 7.2.0 and later.
  • Splunk DB Connect is compatible with Splunk Cloud.
  • Splunk DB Connect is not FIPS compliant. However, DBX is compatible with a FIPS compliant Splunk node, so if your Splunk Indexer or Search Head is running in a FIPS environment, DB Connect will work with that Splunk instance.
  • You can change your python version to ensure compatibility with Splunk versions, if necessary.

Operating systems and browsers

Splunk DB Connect runs Windows and *nix-based operating systems. For version details, see supported operating systems of Splunk Enterprise.

You can use the following browsers to use Splunk DB Connect on your Splunk platform:

  • Apple Safari (latest)
  • Google Chrome (latest)
  • Microsoft Internet Explorer 11
  • Mozilla Firefox (latest)

Splunk licenses and DB Connect

If you configure Splunk DB Connect to import data from a connected database into a Splunk Enterprise index, the amount of data Splunk Enterprise indexes counts towards your Splunk Enterprise license. A Splunk Enterprise license is needed in order to see your data while configuring your inputs, perform lookups, and configure outputs. Using the dbxquery, dbxlookup, and dbxoutput commands against a connected database in DB Connect does not count towards the license.

For more information about Splunk licenses, see How Splunk licensing works.

Splunk DB Connect Release Notes

For the latest known issues and fixed problems in Splunk DB Connect, see Release Notes.

User permissions

Before using DB Connect, a logged-in user must have the ability to write to the $SPLUNK_HOME/var directory (%SPLUNK_HOME%\var on Windows hosts) and to $SPLUNK_HOME/etc/apps/splunk_app_db_connect (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect on Windows hosts) and its sub-directories. For more information, see Use access control to secure Splunk data.


Java Runtime Environment (JRE) requirements

Before deploying Splunk DB Connect:

Configure Java Runtime Environment (JRE) for Splunk DB Connect

  1. Download and install supported versions of Java Runtime Environment (JRE). . Only use a supported JVM in server mode, not in client mode.
  2. Once you have installed the JRE, write down the path to the JRE directory or set $JAVA_HOME. You need the file path when you are configuring DB Connect. When DB Connect prompts you to input the JRE Installation path in Configuration > Settings, be sure to input the complete JRE file path you wrote down.

Splunk DB Connect define patch to java command in following sequence: Java patch taken from Splunk DB Connect configuration (UI or from file customized.java.path ) If path in point 1 is undefined than DB Connect try takes java from JAVA_HOME system variable When verification in point 1 and 2 fail it try to take java from system PATH Algorithm which is used to define java for Splunk DB Connect is defined in command.sh in Technical Add-on code.

Validate proper java installation Login as user use for starting Splunk Define java patch (PATH_TO_JAVA) which will be use by Splunk DB Connect (algorithm describe above) Validate java installation: Run command from command line "PATH_TO_JAVA/java -version" it should return information about installed java. Output may look like "openjdk version "18.0.1.1" 2022-04-22 OpenJDK Runtime Environment Homebrew (build 18.0.1.1+0) OpenJDK 64-Bit Server VM Homebrew (build 18.0.1.1+0, mixed mode, sharing)" Validate binary run (It works for Java 11 and above) Create file named HelloWorld.java with content: public class HelloWorld { 

 public static void main(String[] args) {
   System.out.println("Hello World!");
 }

} In the directory where the file was created, run the command: "PATH_TO_JAVA HelloWorld.java" output should be: "Hello World!" NOTE: If any of the steps fail it means that Java is installed or configured incorrectly.

If java is installed and configured properly but the Task Server still can not start please check Splunk logs.

Investigate problem with starting Task Server for Splunk DB Connect. Go to SPLUNK_HOME/var/log/splunk Open splunkd.log and search for "ERROR" and "splunk_app_db_connect" Error message may look like: "ERROR ModularInputs [7699 MainThread] - <stderr> Introspecting scheme=server: /opt/splunk/etc/apps/splunk_app_db_connect/bin/server.sh: 33: exec: java: not found" Try to resolve problem described by error message



Java Runtime Environment (JRE) for Splunk DB Connect running on Splunk Cloud Victoria Experience

DB Connect running on Search Heads inside a Splunk Cloud Victoria Experience will use the JRE that is already installed on the Search Head:

  1. If your Cloud Stack is version 8.2.2107 or below, DB Connect will be using Java 8.
  2. If your Cloud Stack is version 8.2.2109 or above, DB Connect will be using Java 11.
  3. If there are any issues with the installed Java version, file a support ticket.

If you are unsure whether you have the correct version of Java installed, access DB Connect setup. On the first screen of the DB Connect setup or at Configuration > Settings > General you can specify the path to your JRE. If there is a problem with the Java install or the system $JAVA_HOME variable is incorrect, DB Connect displays an error message. It is important that you resolve any JRE issues before proceeding as DB Connect uses Java Database Connectivity (JDBC) to communicate with your databases.

Database and JDBC database driver requirements

Splunk DB Connect supports connections to many databases. You must install a Java Database Connection (JDBC) driver or a JDBC driver add-on for your database before you can connect to databases with DB Connect.

For more information about the databases that Splunk DB Connect supports, see Supported databases.

For more information about the JDBC driver add-ons, see new drivers using JDBC Driver addons JDBC driver add-ons.

For information about connecting to unsupported databases with Splunk DB Connect, see Other databases.

Architecture and performance considerations

When adding Splunk DB Connect to your deployment, there are several architecture and performance considerations to take into account. You can install and run Splunk DB Connect on Splunk Enterprise deployments ranging from a single host (indexer and Splunk Web both running on the same system) to a large distributed deployment (multiple search heads, search head clusters, indexers, load-balanced forwarders, and so on). This topic provides guidance for setting DB Connect up and running in these environments. It also describes the kind of performance you can expect based on your deployment and capacity requirements.

Database performance considerations

If Splunk DB Connect retrieves a large amount of data from your database, it may affect your database performance, especially for the initial run. Subsequent runs of the same query may have less impact, as the database may cache results and only retrieve new data since the previous run of the query.

Last modified on 21 September, 2022
How to get help and learn more about Splunk software   Architecture and performance considerations

This documentation applies to the following versions of Splunk® DB Connect: 3.10.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters