Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

Developer Guide

Splunk DB Connect can be easily integrated into your system. It can be used in a variety of scenarios, such as password rotation, expanding bulk action capabilities, etc.

Generate the API documentation

To call a specific functionality, use the cURL command to get the API documentation using the OpenAPI specifications:

$ curl http://<Host>:<Task-Server-Port>/api/openapi.<json|yaml>

You can get the port of the task server in Splunk DB Connect > Configuration > Settings > Task Server Port, the default value is 9998.

Sample request:

$ curl http://localhost:9998/api/openapi.yaml

Visualise the API documentation

The YAML or JSON format can be difficult to read and understand, in which case we recommend using Swagger Editor

Request an Authorization token

When you communicate with the Splunk DB Connect API, you will need to provide an authorization token on the security layer. You can request the Authorization token from Splunk:

$ curl -k https://<Host>:<Management-Port>/services/auth/login -d "output_mode=json" --data-urlencode username=<Username> --data-urlencode password=<Password>

You can get the management port in Splunk > Settings > Server Settings > General Settings > Management port, the default value is 8089.

Make a request to the API

Once you've reviewed the API documentation and obtained an authorization token, you're ready to call the API.

$ curl http://<Host>:<Task-Server-Port>/api/<resource> -H "X-DBX-SESSION_KEY:<Session-Key>"

Sample request to get a connection status:

$ curl http://localhost:9998/api/connections/MySQL/status -H "X-DBX-SESSION_KEY:***"

Use case scenarios

Password Rotation

If you have enabled password rotation in your database server and have configured a way to notify safety you system about the new password, you can call Splunk DB Connect API to update that specific identity.

  1. Submit a request to update the identity: $ curl -X PUT http://<Host>:<Task-Server-Port>/api/identities/MySQL -H "Content-Type: application/json" -H "X-DBX-SESSION_KEY:***" -d '{"name": "MySQL","username": "root", "password": "root"}'

Note: it requires passing each required attribute in the body, in this case they are name, username and password.

Database outages

To disable Splunk DB Connect inputs for a given connection due to some degradation or unexpected interruptions in database performance:

  1. Get inputs: $ curl http://<Host>:<Task-Server-Port>/api/inputs -H "X-DBX-SESSION_KEY:***"
  2. Filter by given connection.
  3. Submit a request to disable each of the inputs, one by one:: $ curl -X PUT http://<Host>:<Task-Server-Port>/api/inputs/<Name> -H "Content-Type: application/json" -H "X-DBX-SESSION_KEY:***" -d '{"disabled": true, ...}'

Note: Each required attribute must be passed in the body. Modify the JSON object returned by the API to by changing the value from disabled to true.

Last modified on 24 July, 2024
Architecture and performance considerations   Installation and setup overview

This documentation applies to the following versions of Splunk® DB Connect: 3.16.0, 3.17.0, 3.17.1, 3.17.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters