Splunk® DB Connect

Deploy and Use Splunk DB Connect

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Create and manage identities

An identity object contains database credentials. It comprises the username and password that Splunk DB Connect uses to access your database.

Note that your database credentials are not the same as your Splunk Enterprise credentials. When you configure a DB Connect identity, you use the Splunk Enterprise role-based access control system to define access to the identity.

Dbx-connection ident.png

Create a Basic identity

  1. From within Splunk DB Connect, access the Configuration > Databases > Identities tab and click New Identity > Basic Identity.
  2. Complete the following fields:
    • Identity Name
    • Username: Enter the name of the database user you want to connect as.

      Note: Ensure that the database user has sufficient access to the data you want to search. For example, you might create a database user account whose access is limited to the data you want Splunk Enterprise to consume.

    • Password: Enter the password for the user you entered in the Username field.

      Note: Your password should only contain US-ASCII characters. DB Connect requires this field to connect to your database. Your password is encrypted.

    • Use Windows Authentication Domain: This setting is for identities that connect to Microsoft SQL Server databases. Enable this setting if you need to specify a Windows Authentication Domain.
    • Windows Authentication Domain: If you selected the Use Windows Authentication Domain checkbox, enter the domain in this field. For more information about connecting to Microsoft SQL Server databases using Windows Authentication, see "Microsoft SQL Server."
  3. In the Permissions tab, update the Splunk Enterprise permissions for this identity. For more information, see Permissions.
  4. Click Save.

Create a CyberArk identity

You can create a new identity in DB Connect that uses your existing CyberArk account information.
From within Splunk DB Connect, access the Configuration > Databases > Identities tab and click New Identity > CyberArk Identity. Complete the following fields:

  • Identity Name
  • Username: Enter the name of the database user you want to connect as.
  • Connection Type: Select HTTP or HTTPS.
  • URL: Enter the CyberArk URL.

    Note: Confirm the URL does not contain the connection type or the port number. It must specify only the domain portion, for example my-cyberark-vault.com.

  • Port: Enter the CyberArk port.
  • Certificate: This is the public certificate text.
  • AppID: Enter the ID you created for DB Connect. This is used by Cyberark to identify who accessed your information.
  • Safe: Where you store your CyberArk password.
  • Object: The name of the password object.
  • Synchronization Frequency: How often you want the password updated, in seconds. This keeps your identity information in sync.

Create a HashiCorp identity

You can create a new identity in DB Connect that uses your existing HashiCorp Vault by utilizing the Key/Value and Databases secrets engine.
From Splunk DB Connect, access the Configuration > Databases > Identities tab and click New Identity > HashiCorp Identity. Complete the following fields:

  • Identity Name
  • Username: Enter the name of the database user you want to connect as.
  • Connection Type: Select HTTP or HTTPS.
  • URL: Enter the HashiCorp URL.

    Note: Confirm the URL does not contain the connection type or the port number. It must specify only the domain part, for example my-hashicorp-vault.com.

  • Port: Enter the HashiCorp port.
  • AppRole Authentication Method Path: AppRole is the authentication method supported by DB Connect. In this field you must specify the path.
  • Role ID: The role id for the role you have configured.

    Note: Confirm the role you have configured has access to the secrets by adding ACL policies.

  • Secret ID: The secret id obtained for the role id.

    Note: Ensure that the secret id obtained has enough TTL to avoid failures during sync processes.

  • Secrets Engine Path: The secret engine path for the specific engine you have configured.
  • Secrets Engine: The secret engine you have configured.

    Note: DB Connect supports Key/Value Version 1, Key/Value Version 2 and Database engines. Database engines only support Static Roles.

  • Secret Path: The secret path in case you have selected Key/Value Version 1 or Key/Value Version 2 engine.
  • Key Name: The key name in case you have selected Key/Value Version 1 or Key/Value Version 2 engine.
  • Role Name: The role name in case you selected the Database engine.
  • Synchronization Frequency: How often you want the password updated, in seconds. This keeps your identity information in sync.


Edit Identities

To see a list of the defined identities, go to Configuration > Databases > Identities. To see a list of identities, reference the table below.

To edit an identity, click its name. You can edit the following attributes of an identity, except where noted:

  • Status: Disable an identity by clicking Disable. You cannot disable an identity if any connections are using it. In that case, DB Connect displays an error message that reads Can not disable this identity!.
  • Identity Name: Not editable. To change the name of an identity, clone it, give the clone the name you want, and then delete the original identity.
  • Username, Password, Use Windows Authentication Domain? checkbox and Windows Authentication Domain are the same as Create an identity.
  • Permission: The Permissions table is where you specify the Splunk Enterprise roles that have read, write, or no permissions to the identity. By default, the Splunk Enterprise admin and db_connect_admin roles have read-write access to a new identity, the db_connect_user role has read access, and all other roles have no access.
    • Read access means that Splunk Enterprise roles are able to use the identity.
    • Write access means that Splunk Enterprise roles are able to use and modify the identity.
Last modified on 07 March, 2023
PREVIOUS
Configure Splunk DB Connect security and access controls
  NEXT
Create and manage database connections

This documentation applies to the following versions of Splunk® DB Connect: 3.12.1, 3.12.2, 3.13.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters