Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

Configure Splunk DB Connect settings

Read this to set up DB Connect before you use it to access databases.

General tab

  1. Access Configuration > Settings.
  2. The General Settings tab contains settings related to your Java Runtime Environment (JRE) and Task Server. Change any settings you want. When DB Connect 3.x prompts you to input the JRE Installation path, Make sure to input the complete JRE file path. See Prerequisites for further details.
  3. Select Save to restart the Task Server's Java process. You do not need to restart Splunk Enterprise for changes on this page to take effect.

JRE Installation Path (JAVA_HOME)

DB Connect attempts to detect the JAVA_HOME environment variables as the JRE installation path if possible. You can change it to the Java home path you want to use for DB Connect.

JVM Options

This field lists Java Virtual Machine parameters. For more information about available JVM parameters, access Oracle's JVM documentation.

DB Connect saves the options in this field in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/jars/server.vmopts.

Task Server Port

This field contains the port number of the task server. DB Connect uses an RPC server to manage communications with the Java subsystem. The default port is 9998, but you can use any unassigned, unused port on your system.

Drivers tab

This tab contains a list of supported database connection types, along with install status and version number information.

If there is no JDBC driver for a connection type, the Installed column shows an X icon and the word "No". By default, there are no drivers.

  1. To install a JDBC driver, follow the instructions in "Install database drivers".
  2. Once you have moved the appropriate JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory, select the Reload button.

If you have installed a JDBC driver and it still does not register:

When DB Connect detects a driver, it displays a green checkmark icon and the word "Yes" next to the database, as shown in the screenshot. It also displays the version information of the driver.

Logging levels

Versions 3.0.x and higher of Splunk DB Connect provides graphical configurations of the logging levels of DB Connect. DB Connect logs activity to files in $SPLUNK_HOME/var/log/splunk and automatically indexes to _internal. The relevant log files for DB Connect are:

  • splunk_app_db_connect_server.log
  • splunk_app_db_connect_job_metrics.log
  • splunk_app_db_connect_dbx.log
  • splunk_app_db_connect_audit_server.log

By default, DB Connect logs all SQL queries it executes at the INFO level. You can enable other logging levels using the UI, or by adjusting the dbx_settings.conf file at splunk/etc/apps/splunk_app_db_connect/default/dbx_settings.conf.

Keystore tab

This tab contains a text input for setting a new keystore password. Only Splunk admin and DBX admin can run this action. The password must be at least 6 characters long.

Usage Collection tab

This tab contains an option to grant permission for Splunk to collect statistics about how you use DB Connect. See sending usage data to Splunk DB Connect to learn more about the data that DB Connect sends to Splunk.

Configure remote HTTP Event Collector (HEC)

Improve data ingestion performance by configuring a remote HTTP Event Collector (HEC). By default, Splunk DB Connect ingests data through a local HTTP Event Collection (HEC). Remote HEC can ingest data to remote forwarders, indexers, and indexer clusters, or through HEC directly. To configure remote HEC, run the following steps.

  1. Open a command line interface window, and navigate to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/.
  2. Open dbx_settings.conf in a text editor. If dbx_settings.conf does not yet exist, navigate to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/default/, copy the dbx_settings.conf file, and paste it in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/.
  3. In dbx_settings.conf, edit the following stanzas:
    hecUris: A list of HEC servers/ports, separated by comma.
    hecToken: A HEC token listing, when it is the same HEC token, configured on multiple indexers.

    By default, these values are empty, and Splunk DB Connect ingests data thru your local HEC.

  4. Save your changes.
  5. Restart your Splunk platform instance.

If an error takes place, the scheduler performs a round robin of all HEC URIs, and Splunk DB Connect marks the current HEC URI as unavailable for 1 minute (not configurable), before trying the next available HEC URI.

Last modified on 07 March, 2023
Check DB Connect installation health   Configure Splunk DB Connect to support requireClientCert=true

This documentation applies to the following versions of Splunk® DB Connect: 3.12.1, 3.12.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters