Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

Configure Splunk DB Connect settings

Read this to set up DB Connect before you use it to access databases.


  1. Access Configuration > Settings.
  2. The General Settings tab contains settings related to your Java Runtime Environment (JRE) and Task Server. Change any settings you want. When DB Connect 3.x prompts you to input the JRE Installation path, Make sure to input the complete JRE file path. See Prerequisites for further details.
  3. Select Save to restart the Task Server's Java process. You do not need to restart Splunk Enterprise for changes on this page to take effect.

JRE Installation Path (JAVA_HOME)

DB Connect attempts to detect the JAVA_HOME environment variables as the JRE installation path if possible. You can change it to the Java home path you want to use for DB Connect.

JVM Options

This field lists Java Virtual Machine parameters. For more information about available JVM parameters, access Oracle's JVM documentation.

DB Connect saves the options in this field in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/jars/server.vmopts.

Task Server Port

This field contains the port number of the task server. DB Connect uses an RPC server to manage communications with the Java subsystem. The default port is 9998, but you can use any unassigned, unused port on your system.


This tab contains a list of supported database connection types, along with install status and version number information.

If there is no JDBC driver for a connection type, the Installed column shows an X icon and the word "No". By default, there are no drivers.

  1. To install a JDBC driver, follow the instructions in "Install database drivers".
  2. Once you have moved the appropriate JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory, select the Reload button.

If you have installed a JDBC driver and it still does not register:

When DB Connect detects a driver, it displays a green checkmark icon and the word "Yes" next to the database, as shown in the screenshot. It also displays the version information of the driver.

Logging levels

Versions 3.0.x and higher of Splunk DB Connect provides graphical configurations of the logging levels of DB Connect. DB Connect logs activity to files in $SPLUNK_HOME/var/log/splunk and automatically indexes to _internal. The relevant log files for DB Connect are:

  • splunk_app_db_connect_server.log
  • splunk_app_db_connect_job_metrics.log
  • splunk_app_db_connect_dbx.log
  • splunk_app_db_connect_audit_server.log

By default, DB Connect logs all SQL queries it executes at the INFO level. You can enable other logging levels using the UI, or by adjusting the dbx_settings.conf file at splunk/etc/apps/splunk_app_db_connect/default/dbx_settings.conf.


This tab contains a text input for setting a new keystore password. Only Splunk admin and DBX admin can run this action. The password must be at least 6 characters long.

Usage Collection

This tab contains an option to grant permission for Splunk to collect statistics about how you use DB Connect. See sending usage data to Splunk DB Connect to learn more about the data that DB Connect sends to Splunk.

HTTP Event Collector Configuration

By default, Splunk DB Connect sends data through a local HTTP Event Collector (HEC). With this configuration section, you can configure remote HECs and load balance data ingestion. A restart is required to apply the changes.


Max Content Length: when sending data through HEC, events are grouped in batches to speed up performance. This setting allows us to limit the batch size.

Max Retry When Unavailable: when data ingestion requests to the HEC fail for any reason, the system will retry until the value set in this setting is reached.

HTTP Event Collectors

By clicking the Add button, you will be able to add as many collectors as needed.

URL: specify the protocol, host and port. Example: https://hec.splunk.com:8068.

Token: specify the HEC token. Remember to set up the allowed indexes for your tokens according to your needs, as it can cause ingestion failures.

Last modified on 28 April, 2023
Backup and restore Splunk DB Connect version 3.10.0 or higher   Configure Splunk DB Connect to support requireClientCert=true

This documentation applies to the following versions of Splunk® DB Connect: 3.13.0, 3.14.0, 3.14.1

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters