Configure Splunk DB Connect settings
Read this to set up DB Connect before you use it to access databases.
- Access Configuration > Settings.
- The General Settings tab contains settings related to your Java Runtime Environment (JRE) and Task Server. Change any settings you want. When DB Connect 3.x prompts you to input the JRE Installation path, Make sure to input the complete JRE file path. See Prerequisites for further details.
- Select Save to restart the Task Server's Java process. You do not need to restart Splunk Enterprise for changes on this page to take effect.
JRE Installation Path (JAVA_HOME)
DB Connect attempts to detect the JAVA_HOME environment variables as the JRE installation path if possible. You can change it to the Java home path you want to use for DB Connect.
This field lists Java Virtual Machine parameters. For more information about available JVM parameters, access Oracle's JVM documentation.
DB Connect saves the options in this field in
Task Server Port
This field contains the port number of the task server. DB Connect uses an RPC server to manage communications with the Java subsystem. The default port is 9998, but you can use any unassigned, unused port on your system.
This tab contains a list of supported database connection types, along with install status and version number information.
If there is no JDBC driver for a connection type, the Installed column shows an X icon and the word "No". By default, there are no drivers.
- To install a JDBC driver, follow the instructions in "Install database drivers".
- Once you have moved the appropriate JAR file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/driversdirectory, select the Reload button.
If you have installed a JDBC driver and it still does not register:
- Verify that you correctly installed the driver by repeating the steps in "Install database drivers".
- Access the "Supported databases matrix" to verify that DB Connect supports the driver and its version. If necessary, download a newer version of the driver.
- Follow the applicable steps in "Troubleshoot driver connections".
Versions 3.0.x and higher of Splunk DB Connect provides graphical configurations of the logging levels of DB Connect. DB Connect logs activity to files in
$SPLUNK_HOME/var/log/splunk and automatically indexes to
_internal. The relevant log files for DB Connect are:
By default, DB Connect logs all SQL queries it executes at the INFO level. You can enable other logging levels using the UI, or by adjusting the
dbx_settings.conf file at
This tab contains a text input for setting a new keystore password. Only Splunk admin and DBX admin can run this action. The password must be at least 6 characters long.
This tab contains an option to grant permission for Splunk to collect statistics about how you use DB Connect. See sending usage data to Splunk DB Connect to learn more about the data that DB Connect sends to Splunk.
HTTP Event Collector Configuration
By default, Splunk DB Connect sends data through a local HTTP Event Collector (HEC). With this configuration section, you can configure remote HECs and load balance data ingestion. A restart is required to apply the changes.
Max Content Length: when sending data through HEC, events are grouped in batches to speed up performance. This setting allows us to limit the batch size.
Max Retry When Unavailable: when data ingestion requests to the HEC fail for any reason, the system will retry until the value set in this setting is reached.
HTTP Event Collectors
By clicking the Add button, you will be able to add as many collectors as needed.
URL: specify the protocol, host and port. Example:
Token: specify the HEC token. Remember to set up the allowed indexes for your tokens according to your needs, as it can cause ingestion failures.
Backup and restore Splunk DB Connect version 3.10.0 or higher
Configure Splunk DB Connect to support requireClientCert=true
This documentation applies to the following versions of Splunk® DB Connect: 3.13.0, 3.14.0, 3.14.1