Splunk® DB Connect

Deploy and Use Splunk DB Connect

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About Splunk DB Connect

With Splunk DB Connect 3, you can combine your structured data from databases with your unstructured machine data, and then use Splunk Enterprise to provide insights into all of that combined data.

When you use Splunk DB Connect, you create additional data inputs for Splunk Enterprise, giving Splunk Enterprise more sources of data. Splunk DB Connect connects your relational database data to Splunk Enterprise and makes that data consumable by Splunk Enterprise. In addition, Splunk DB Connect can do the reverse, writing Splunk Enterprise data back to your relational database.

For more information about how DB Connect works, see How Splunk DB Connect works.

What you can do with DB Connect

Splunk DB Connect lets you import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise along with your existing Splunk Enterprise data.

DB Connect also lets you output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.

DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.

Who DB Connect is for

Use Splunk DB Connect to achieve the following tasks:

  • Quickly get data from a database into Splunk Enterprise.
  • Run on-the-fly lookups from data warehouses or state tables within Splunk Enterprise.
  • Index structured data stored in databases in streams or batches using Splunk Enterprise.
  • Write Splunk Enterprise data into databases in streams or batches.
  • Preview data and validate settings such as locale and time zone, rising column and metadata choice, and so on before indexing begins, to prevent accidental duplication or other problems in the future.
  • Scale, distribute, and monitor database read/write jobs to prevent overload and receive notice of failures.
  • Know what databases are accessible to which Splunk Enterprise users to prevent unauthorized access.

For installation instructions, see Install Splunk DB Connect: Single server deployment or Distributed deployment. Download Splunk DB Connect on Splunkbase.

Last modified on 09 November, 2023
  NEXT
Share data in Splunk DB Connect

This documentation applies to the following versions of Splunk® DB Connect: 3.12.1, 3.12.2, 3.13.0, 3.14.0, 3.14.1, 3.15.0, 3.16.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters