Install database drivers
After you've downloaded and installed Splunk DB Connect, the first step in the DB Connect setup process is installing a Java Database Connectivity (JDBC) database driver.
The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on.
After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup.
Install new drivers using JDBC Driver add-ons
DB Connect officially supports connecting to databases using JDBC drivers made available through the following Splunk add-ons for DB Connect using specific databases:
To use a JDBC driver from one of the add-ons simply install the add-on following installation instructions and DB Connect will automatically use the JDBC driver provided by the add-on.
If not already installed, you can install JDBC Add-ons directly from the DB Connect application during connection setup. In that case, a pop-up window will appear and you will need to follow the installation instructions. After the driver is installed, it takes approximately 10 seconds for it to be available on the system.
For all supported databases by drivers add-ons, to install the JDBC driver on a Splunk instance, follow these instructions:
- Install the JDBC driver add-on for your database, if available.
- Reload the driver under Settings>Drivers.
In case of missing add-on for your database please open idea in [http://ideas.splunk.com/IdeasPortal]
Please avoid installation of the same JDBC driver via the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory and a JDBC driver add-on. In such a case the JDBC driver provided by the add-on will take priority over the one in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory
The Java Runtime Environment (JRE) used by your deployment's JAVA_HOME
must match the JRE version of the driver that you are installing.
List of supported database should be provided in each JDBC Driver addons
Upgrading add-on from manual install method
The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on. Drivers installed manually can be upgraded to add-on based drivers by using the following procedure:
- Remove appropriate manually installed JDBC driver from directory
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
- Reload the driver under Settings>Drivers. Check if driver was disabled in drivers list
- Install the appropriate JDBC driver from this manual: Install new drivers using DBX Driver add-ons .
Install unsupported drivers (customer managed only)
In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. You can add custom support to Splunk DB Connect for any database that has a JDBC driver, even if it doesn't appear in the supported database matrix.
Notes:
- Connecting to a database that is not listed in the supported database matrix is not supported by Splunk Support.
- At a minimum, Splunk DB Connect supports querying custom database connections. For some custom database connections, certain query-related features may not work.
Installing a custom database is a multi-step process:
- Download and install the JDBC driver file.
- Add the custom database to db_connection_types.conf.
- Troubleshoot or disable connection validation, if necessary.
Download and install the JDBC driver file
Download the JDBC driver for the database you want to add, and copy the .JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers
on Windows hosts).
Add the custom database to db_connection_types.conf
When you add a custom database connection that Splunk DB Connect does not support by default, you must create a stanza to define the database connection in a copy of db_connection_types.conf under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local
(%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local
on Windows hosts), for example
displayName = $your database name$ serviceClass = com.splunk.dbx2.DefaultDBX2JDBC jdbcDriverClass = $JDBC driver class$ jdbcUrlFormat = $JDBC URI Format$ ui_default_catalog = $database$
For more information, see Configuration file reference.
Database connection validation
Each time DB Connect uses a database connection, it tries to validate that the database connection is actually working. If validation fails, you might see an error message, such as "ValidateObject failed".
DB Connect uses these two methods to validate a connection:
- If a testQuery is specified in db_connection_types.conf, DB Connect executes that query, and receives a response that validates that the connection is working.
- If testQuery is not specified, DB Connect uses the Java method connection.isValid(), and relies on the JDBC driver to answer. Some JDBC drivers do not implement this API call. (For instance, Apache Derby was built against Java 1.5, where JDBC doesn't have the method isValid.) The workaround is to specify a manual testQuery, such as
SELECT 1
.
After you add the custom database driver, continue with either the single server or distributed deployment instructions.
Enable SSL for your database connection
DB Connect has built-in support for connecting via SSL to several supported databases. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.
If you want to deploy DB Connect in Splunk Cloud. You must enable SSL connection for your database. See supported database matrix for the database supported for cloud deployment.
DB Connect will detect whether it supports SSL for your database type,
- If DB Connect supports SSL connections for your database type, enabling an SSL connection is easy. When you create a new database connection, select the Enable SSL checkbox.
- If DB Connect does not natively support SSL for your database type, you cannot select the Enable SSL checkbox in connection settings, it is grey out. However, you can add in SSL support by selecting Edit JDBC URL and editing the URL. Be aware that Splunk cannot certify that databases for which DB Connect does not have native support for SSL will connect via SSL correctly. Splunk Support will not help you troubleshoot such connections.
The possibility to configure one-way SSL authentication from the UI was added for MySQL, MSSQL and Oracle databases. While creating a connection users will be able to pass a certificate which will be automatically added to the Java TrustStore and used for the server authentication. If the Enable SSL checkbox will be selected, but the certificate field would be empty - DB Connect will ignore it and work as before.
To improve security following some properties have been removed from the default connection properties. The full list of changes can be found below.
- MySQL -
{"verifyServerCertificate":"false"}
- MS-SQL Server Using MS Generic Driver -
{"trustServerCertificate":"true"}
- MS-SQL Server Using MS Generic Driver With Windows Authentication -
{"trustServerCertificate":"true"}
- MS-SQL Server Using MS Generic Driver With Kerberos Authentication -
{"trustServerCertificate":"true"}
- Oracle -
{"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
- Oracle Service -
{"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
- PostgreSQL -
{"sslfactory":"org.postgresql.ssl.NonValidatingFactory"}
- AWS RedShift -
{"verifyServerCertificate":"false"}
- AWS RedShift version 2.0 -
{"verifyServerCertificate":"false"}
- AWS RDS Aurora -
{"verifyServerCertificate":"false"}
- Hive -
{"verifyServerCertificate":"false"}
- Spark SQL -
{"verifyServerCertificate":"false"}
If you still want to use them, they can be added to connection_properties in the connection definition, or defined in the jdbcUrl.
Use a different default driver for your database
You can change the driver that DB Connect uses for your database type. This can be useful if you want to use a custom driver to connect to your database. To change the driver, you edit the db_connection_types.conf
file.
First, get the JDBC driver vendor's Java driver class name. For example, the class name of the Microsoft JDBC Driver for SQL Server is com.microsoft.sqlserver.jdbc.SQLServerDriver. Once you've found the correct Java class name, do the following:
- Using a text editor, open the db_connection_types.conf from within
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/default/
(%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\default
on Windows hosts). - Find the stanza for the database type for which you want to configure a custom driver, select it, and then type Ctrl-C or Command-C to copy it.
- Create a new db_connection_types.conf file (if one doesn't already exist) in
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/
(%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local
on Windows hosts). If the file is a new file, open it and type[local]
and then two new lines. - Paste in the database stanza you copied from the default db_connection_types.conf file.
- Change the entry next to
jdbcDriverClass
to match the Java class name for your custom driver. - If you want to retain the ability to choose the original database driver, change the name of the stanza and update the
displayName
attribute to differentiate it from the original driver. - Restart Splunk Enterprise.
Supported databases
Splunk DB Connect supports the databases listed in the following matrix.
- The driver listed in the JDBC driver name/link column is the driver that Splunk has tested with Splunk DB Connect.
- DB Connect supports and has been tested with Java cryptography standard algorithm, if you need a stronger algorithm, you must install the "JCE Unlimited Strength Jurisdiction Policy Files." Legal restrictions may apply in your country. See Java Security Providers and JCE Download pages for details. Consult your database vendor's documentation for configuration instructions.
Supported databases by JDBC Add-Ons
JDBC driver Add-Ons provides in documentation what version of java and database supports.
Other Supported Databases
Database | Database version | JDBC driver name | JDBC driver version tested | SSL support* | Cloud support** |
---|---|---|---|---|---|
AWS RedShift | 1.0.1044 | RedshiftJDBC41-1.2.1.1001.jar Not compatible with RedshiftJDBC42-1.2.1.1001.jar. |
1.1 | Yes | No |
Informix | 12.10.FC5TL | Informix JDBC Driver | 3.0 | Yes | No |
SAP SQL Anywhere (aka Sybase SA) | 16.0.0.1948 | Sybase jConnect | 7.0 | No | No |
Sybase ASE | 16.0.02.00.1014 | Sybase jConnect | 7.0 | No | No |
Sybase IQ | 15.4.1.3019 | Sybase jConnect | 7.0 | No | No |
Hive | 3.2.4 | Cloudera JDBC Driver | 2.6.5
2.6.13 |
No | No |
Google BigQuery | ODBC and JDBC drivers for BigQuery | 1.5.4.1008 | Yes |
* SSL support: This column specifies whether DB Connect tests and supports Secure Sockets Layer (SSL) connections to this database. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.
** Cloud support: This column specifies whether the database is supported for Splunk Cloud. You must enable SSL connection if you want to use DB Connect in a Splunk Cloud deployment.
Useful information about drivers configuration
Notes:
- Your database connection must be set up to return results encoded in UTF-8. Consult your database vendor's documentation for instructions.
- DB Connect supports sending data that is in a multi-byte character set, such as Traditional Chinese, using a database output. Depending on your database, you may need to change certain settings on the database side to the database to properly receive and store the data. See Enable output to multi-byte character sets.
IBM DB2
IBM DB2 is supported when the database is running on Linux. Splunk doesn't test or support DB2 on AS/400 or Windows.
Note: IBM DB2 is only supported when the database is running on Linux. Splunk doesn't test or support DB Connect with DB2 on AS/400 or on Windows.
If you want to use GSS API security mechanisms in IBM DB2, download Java Cryptography Extension (JCE) Policy to your$JRE_Installation_Path/jre/lib/security
and set the encryptionAlgorithm parameter of JDBC URL asjdbcUrlFormat = jdbc:db2://<host>:<port>/<database>:securityMechanism=9;encryptionAlgorithm=2;
Follow these instructions to install the DB2 JDBC Driver:
- Go to DB2 JDBC Driver Versions and Downloads on the IBM website, and click the link for the latest DB2 Version 10.5 driver.
- Click the Download link for the IBM Data Server Driver for JDBC and SQLJ (JCC Driver).
- Select the newest fix pack, and then click Continue. You will need to log in with your IBM ID, or create one if you don't already have one.
- Click the Download using your browser (HTTPS) radio button, and then Continue.
- Right-click the file name, and then save it to your hard disk.
- Expand the downloaded file, and then expand the db2_db2driver_for_jdbc_sqlj.zip file.
- Copy or move the db2jcc4.jar file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory. - Reload the driver under Settings>Drivers.
For additional information, see the Installing and Connecting to Clients documentation on the IBM website.
Hive
We support connecting to Hive using two database drivers: Simba and Cloudera
- For Simba, the procedure involves requesting a trial or purchasing the driver. After obtaining the license, it will be sent to you, and you'll need to follow attached instructions to activate it.
Microsoft SQL Server
You have several options for connecting to a Microsoft SQL Server. Start by determining:
- Which operating system (Windows or Linux) is running Splunk DB Connect.
- Which driver you want to use.
- How your database server authenticates your connection.
See Legends below the table for a more detailed explanation.
Follow this table from left to right, choosing the options that correspond to your Microsoft SQL Server environment. For more information about the meaning of each column, see the legend that follows the table.
Operating System* | Driver** | Authentication*** | How to configure the connection |
---|---|---|---|
Windows | Splunk DBX Add-on for Microsoft SQL Server JDBC | SQL Authentication | Configure SQL Server connection using SQL server authentication |
Windows Authentication | Configure SQL Server connection using Windows authentication | ||
Microsoft Entra ID Authentication | Configure Azure SQL Database connection using Microsoft Entra ID Authentication | ||
Linux | Splunk DBX Add-on for Microsoft SQL Server JDBC | SQL authentication | Configure SQL Server connection using SQL server authentication |
Kerberos authentication | Configure SQL Server connection using Kerberos authentication | ||
Microsoft Entra ID Authentication | Configure Azure SQL Database connection using Microsoft Entra ID Authentication |
Legend
- * Operating System: The operating system on which DB Connect is running. DB Connect is supported on both Linux and Windows Server.
- ** Driver: The JDBC driver that DB Connect will use to connect to your database:
- Splunk DBX Add-on for Microsoft SQL Server JDBC: it uses Microsoft JDBC Driver for SQL Server together with Microsoft Authentication Library for Java (MSAL4J).
- *** Authentication: The type of service account that DB Connect will use to connect to your database:
- SQL Authentication: Log into SQL Server as a SQL Server user. This option assumes you will create an identity that uses a username and password that is defined on the database.
- Windows Authentication: Log into SQL Server as a Microsoft Integrated Windows Authentication user ("domain user"). This assumes that you are creating an identity that uses a domain, user name, and password to connect to the database, and that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.
- Kerberos Authentication: DB Connect uses a Kerberos client (Linux) to negotiate an authentication ticket with the Active Directory environment directly. This assumes that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.
Install the SQL Server database driver using a SQL server authentication
If you will log onto your SQL Server database using a SQL Server username and password (non-domain attached), follow these instructions:
Install the SQL server database driver
To install the Microsoft JDBC Driver for SQL Server, please follow these instructions:
- Install the MSSQL JDBC driver add-on.
- Reload the driver under Settings>Drivers.
To install the SQL Server database driver in an on prem Splunk instance or to install a different version of the SQL Server Database driver than available via the add-on in a Splunk instance, please follow these instructions:
- Download the appropriate JDBC driver for SQL Server:
- For the Microsoft JDBC Driver for SQL Server download the driver from the Microsoft JDBC Driver page.
- Move the driver file to the correct location:
- For the MS Generic Driver, from inside the zip file, copy or move the proper jar file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers
on Windows hosts). - If you will need to use a database service account on Windows with the Generic driver, you will also need to install the JDBC Auth library:
- From the Microsoft JDBC Driver for SQL Server download, locate the .dll file.
- Copy the .dll' file to C:\Windows\System32 on your Splunk Enterprise server.
- From the Windows Control Panel, go to Services, and then get properties on Splunk Service.
- Click the Log On tab, and then change the Log on as setting from the Local System account to that of the logged on domain user.
Note: The domain user should have sufficient privileges to access the SQL Server instance.
- Save your changes, and then restart the Splunk Enterprise server for the changes to take effect.
- For the MS Generic Driver, from inside the zip file, copy or move the proper jar file to the
When you create a connection to this database in DB Connect, you must choose MS-SQL Server Using MS Generic Driver from the Connection Types popup menu.
Install the SQL Server database driver using the MS Generic driver with Kerberos authentication
If you're running DB Connect on Linux, you can connect to a Microsoft SQL Server using a Windows domain and user name by enabling Kerberos authentication.
Before starting the following procedure:
- See the instructions on how to Install the appropriate JDBC driver for SQL Server
- Enable Kerberos on the Microsoft SQL Server.
- First, get the domain name:
- Log onto the Windows server that is running your SQL Server database.
- At the command line, run systeminfo, and then copy down the domain name (next to the Domain: label).
- Next, get the Kerberos Distribution Center (KDC) information:
- From the command line, run the following, replacing <domain> with the domain name you copied in the previous step:
nltest /DSGETDC:<domain>
- Copy down the name of the domain controller, which is next to the DC: label. This is the KDC host name.
- From the command line, run the following, replacing <domain> with the domain name you copied in the previous step:
- Back on the machine running DB Connect, use the kinit command to generate a krb5.conf file, which Kerberos will use to authenticate with the SQL Server for DB Connect.
- First, install kinit by entering the following at the command line:
apt-get install krb5-user
If you are prompted to enter a realm, enter the domain name you obtained in Step 1, but in all upper-case letters. For example, if your domain is abc.dbx, you'd enter ABC.DBX. - Next, use kinit to initialize the Kerberos ticket cache. Enter the following at the command line, replacing <username> with the appropriate user name (such as Administrator) and <DOMAIN> with the domain name, in upper-case letters:
kinit <username>@<DOMAIN>
The krb5.conf has been generated in the /etc directory.
Note: If the krb5.conf file is not in the /etc directory, set the following option in JVM Options under the Settings tab: -Djava.security.krb5.conf=/path/to/krb5.conf
- First, install kinit by entering the following at the command line:
- Create an identity in DB Connect.
- Select New Identity under Explorer > Identities.
- Enter Identity Name, Username, Password, and then click save.
- Username: Enter the username of your Kerberos account. If you don't select Use Windows Authentication Domain?, you have to append @<DOMAIN> at the end of the username, e.g. Administrator@<DOMAIN>
- Password and Confirm Password: Enter the password of your Kerberos account.
- Use Windows Authentication Domain?: If you select it, you have to enter the <DOMAIN> in Windows Authentication Domain field, then you don't have to append @<DOMAIN> at the end of the Username.
- Create a new connection in DB Connect as you normally would, keeping in mind the following:
- Database Types: Be sure to choose MS-SQL Server Using MS Generic Driver with Kerberos Authentication from the popup menu.
- JDBC URL Format: Once you've entered all the necessary connection information, add the following to the JDBC URL string to enable DB Connect to use the Kerberos authentication you just set up:
- integratedSecurity=true
- authenticationScheme=javaKerberos
After you're finished, the field should contain the following:
jdbc:sqlserver://<host>:<port>;databaseName=<database>;selectMethod=cursor;integratedSecurity=true;authenticationScheme=javaKerberos
Now complete the following steps to enable DB Connect to use Kerberos authentication to connect to your SQL Server database:
Note: To debug Kerberos authentication, set the following option in JVM Options under the Settings tab: -Dsun.security.krb5.debug=true
Configure Azure SQL Database connection using Microsoft Entra ID Authentication
Currently Splunk DB Connect support connections to Azure SQL Database with Microsoft Entra ID Authentication using Splunk DBX Add-on for Microsoft SQL Server JDBC, it includes the Microsoft Authentication Library for Java (MSAL4J).
When creating a connection select the connection type with name: Azure SQL Database Using Microsoft Entra Password Authentication.
For more details about how to configure Microsoft Entra Authentication for Azure SQL Database follow the official guide: Microsoft Entra server principals
Multiple SQL Server instances
If you have multiple instances of Microsoft SQL Server installed on your server, you will need to edit the JDBC connection string to add a parameter that explicitly references the instance you want to contact.
- Follow the instructions in "Override db_connection_types.conf" to make a copy of the db_connection_types.conf file in the local directory and copy the stanza for the Microsoft SQL Server driver you're using into the file.
- Edit the jdbcUrlFormat or jdbcUrlSSLFormat (if you're connecting using SSL) setting by appending it with the following:
;instanceName=
- Set the instanceName parameter to the name of the instance you want to connect to. For example:
jdbc:sqlserver://dbx-sqlserver.mydomain.com:1433;databaseName=master;instanceName=test
- Save and close the file, and then Reload the driver under Settings>Drivers
After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup. If you've already set up DB Connect and are adding a new database, click Settings in the top navigation bar and then the Driver tab to view the driver status. If you have trouble, see "Troubleshoot driver connections."
Sybase ASE, SAP/Sybase SA, and SAP/Sybase IQ
Follow these instructions to download and install the jConnect for JDBC driver for Sybase Adaptive Server Enterprise (ASE), SAP/Sybase SQL Anywhere, and SAP/Sybase IQ:
- Go to the SAP software downloads page and log in.
- Search for and download the jConnect package.
- Expand the file you just downloaded and locate the jconn4.jar file inside the classes directory.
- Copy or move the jconn4.jar file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers
on Windows hosts). - Reload the driver under Settings>Drivers.
Spark SQL
Your Spark instance must be running the Thrift JDBC/ODBC service before Splunk will be able to connect to it. Follow these instructions to install the Simba Spark JDBC driver:
Note: SparkSQL support requires Thrift server setup for JDBC http://spark.apache.org/docs/latest/sql-programming-guide.html#running-the-thrift-jdbcodbc-server
- Go to the Spark JDBC Driver page on the Simba website.
- Click and download the ZIP file for the latest version of the driver. You can download a free 30 day trial or purchase it.
- Expand the Simba_Spark_JDBC_Desktop.zip file you just downloaded. There are two zip files in the Simba_Spark_JDBC_Desktop.zip folder, expand SimbaRTU_SparkJDBC41_Client_1.0.2.1004.zip.
- Copy all the SparkJDBC41.jar file to
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
and the other .jar files under$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/SparkJDBC41-libs
. - Copy your Spark JDBC driver license file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory. - Save and restart RPC server under Settings > General Settings.
Teradata
Follow these instructions to install the Teradata JDBC Driver:
- Go to the Teradata JDBC Driver page on the Teradata website.
- Click the link to download the ZIP or TAR file for the latest version of the driver. You need to log in with your Teradata user account.
- Expand the file you just downloaded.
- From inside the TeraJDBC_... directory, copy or move the two .JAR files (terajdbc4.jar to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
and tdgssconfig.jar to the$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/terajdbc4-libs
) directory. - Reload the driver under Settings>Drivers.
For more information, including how to use the tdgssconfig.jar file, see the readme.txt file inside the TeraJDBC_... directory, or the Teradata JDBC Driver Reference.
Oracle
Follow these instructions to install the Oracle JDBC Driver in a Splunk instance:
- Install the Oracle JDBC driver add-on.
- Reload the driver under Settings>Drivers.
To install the Oracle JDBC driver in a different version of the Oracle JDBC driver than available via the add-on in a Splunk instance, please follow these instructions:
- Go to the Oracle JDBC Driver Downloads page.
- After you have downloaded the correct driver for your database, copy the .JAR driver file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers
on Windows hosts). If you want to useojdbc7
to parse XML data type, addxmlparserv2.jar
as a dependency - Reload the driver under Settings>Drivers.
For users of Oracle 11g, the SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
, SSL_DH_anon_WITH_RC4_128_MD5
, and SSL_DH_anon_WITH_DES_CBC_SHA
cipher suites are disabled by default in Java 8. To allow these cipher suites, see the Test or Revert changes to Oracle's JDK and JRE Cryptographic Algorithms section of the Java documentation.
Connect to Oracle using SSL
You can connect to an Oracle database using Secure Sockets Layer (SSL) 3.0 (TLS) in three ways:
- Without using SSL authentication: Neither client (DB Connect) nor server verifies each other's certificate authority (CA).
- Using one-way SSL authentication: The client verifies the server's CA.
- Using two-way SSL authentication: Both client and server verify each other's CA.
If you are using one-way or two-way authentication, you will need to have set up an Oracle wallet on the server. Oracle wallets store credentials for connecting to Oracle databases. An Oracle wallet is not required on the client if you're not using SSL authentication.
The basic steps for setting up one of these SSL connections are:
- Configure Oracle wallets:
- Create and configure a server wallet.
- Create and configure a client wallet.
- Enable the auto-login feature.
- Enable SSL and configure settings on the Oracle database server:
- Set the server's auto-login Oracle wallet location in the sqlnet.ora and listener.ora files.
- Configure DB Connect:
- Copy JDBC drivers to the appropriate DB Connect directory.
- Create a database connection using the correct JDBC URL.
- Specify the wallet location in your connection's stanza within the
db_connections.conf
file or add a connection property from the user interface. The property name should beoracle.net.wallet_location
and the value should point to the wallet directory.
Configure Oracle wallets
First, create and configure standard wallets for both the server and client using Oracle Wallet Manager, and enable the auto-login feature. Do one of the following:
- Follow the instructions in 9.3 How to Create a Complete Wallet: Process Overview, within Chapter 9, Using Oracle Wallet Manager, in the Oracle Database Advanced Security Administrator's Guide.
- To use the Wallet Manager's orapki command-line utility instead of the Wallet Manager UI, see Appendix F, "orapki Utility."
Make a note of the location of your Oracle wallets, particularly if you changed the default location.
After following the appropriate set of Oracle instructions, you will have created your Oracle wallets, imported the appropriate certificates into your wallets, and set the auto-login feature for your wallets. Be sure that, if you are setting up either one-way or two-way authentication, you have a wallet on both the DB Connect machine and the Oracle server. The DB Connect machine's wallet should contain the server wallet's CA.
Splunk DB Connect does not have any built-in functionality to help configure Oracle Wallet. Oracle Wallet can be configured due to JDBC driver capabilities and Oracle Database support, etc.
Enable SSL and configure settings on the Oracle database server
Next, enable and configure SSL on the Oracle database server by adding the path to your server wallet to the sqlnet.ora and listener.ora files:
- On your Oracle database server, navigate to the .../network/admin directory. For example: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin
- Edit the sqlnet.ora file and add the following, changing the DIRECTORY path to the path to the server wallet:
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path/)))
- In the same file, set SSL_CLIENT_AUTHENTICATION to FALSE if you're either connecting with no SSL authentication or with one-way SSL authentication. Set SSL_CLIENT_AUTHENTICATION to TRUE if you're connecting with two-way SSL authentication. For more information, see Configuring Secure Sockets Layer Authentication in the Oracle Database Advanced Security Administrator's Guide.
- In the same directory, edit the listener.ora file. Add the same wallet location and set SSL_CLIENT_AUTHENTICATION in the same way.
- Save and close both files.
Set up the SSL connection using a cipher suite:
- For no SSL authentication, use an anonymous Diffie-Hellman key exchange.
- For one-way or two-way SSL authentication, use a cipher suite like RSA or standard DH.
Configure DB Connect and enable an SSL connection on the client
Now, configure DB Connect. Start by copying the JDBC drivers to the appropriate DB Connect directory:
- On the Oracle server, navigate to
$ORACLE_HOME/jlib
. - Using your network or removable media, copy ojdbc6.jar file to the
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers
on Windows hosts) on the machine running DB Connect, and then copy the following .jar files under$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ojdbc6-libs
directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers\ojdbc6-libs
on Windows hosts)- oraclepki.jar
- ojpse.jar
- osdt_cert.jar
- osdt_core.jar
(Optional) Connect to Oracle RDS over SSL
Use the following steps to connect to Oracle RDS over SSL.
- Open a command line window, and enter the following information;
openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der keytool -import -alias rds-root -keystore keystore/default.jks -file rds-ca-2019-root.der keytool -list -v -keystore <pre> </li> <li>Navigate to <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/default</code>, and make a copy of <code>db_connection_types.conf</code>.</li> <li>Navigate to <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local</code>, and paste the copy of <code>db_connection_types.conf</code>.</li> <li>In <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local</code>, open <code>db_connection_types.conf</code> using a text editor.</li> <li>For every connection type that you use, add or replace the following parameter: <pre> connection_properties = {"javax.net.ssl.trustStore": "<path>/splunk_app_db_connect/keystore/default.jks", "javax.net.ssl.trustStoreType": "JKS", "javax.net.ssl.trustStorePassword": "changeme"}
- Restart your Splunk platform instance.
Next, set up a new identity, and then a new connection:
- Follow the instructions in Create and manage database connections to set up a new connection.
- Use your server information to set up the connection, and be sure to select the Enable SSL checkbox.
- When you get to the JDBC URL Format field, click the "Click here" link beneath the field to edit the JDBC URL.
- In the JDBC URL Format field, paste the following:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername )(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))
- Save the connection.
- Go to
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local
, and edit thedb_connections.conf
file. - Find the connection stanza with the name you gave it, and edit the connection_properties argument.
Here is an example:connection_properties = {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}
Note: connection_properties is in JSON format, it represents JDBC connection properties. The properties you defined here need to be consistent with what you configured in Database. See JDBC with Oracle 12c Database for more information. - Save and close the db_connections.conf file.
Google BigQuery
When creating a new connection, select Google BigQuery Using Simba JDBC Driver
connection type. This preconfigured connection is ready to use with a Google Service Account authentication. Please note that the identity field is optional, you can leave it blank.
Configure the JDBC Driver
- Download the JDBC driver from ODBC and JDBC drivers for BigQuery.
- Extract the contents of the
.zip
. - Copy
GoogleBigQueryJDBC42.jar
to$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
. - Create a directory with name
GoogleBigQueryJDBC42-libs
under$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
. - Copy the others files to
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/GoogleBigQueryJDBC42-libs
. - Restart Splunk.
Configure the Connection
- Add
https://www.googleapis.com/bigquery/v2
toHost
in JDBC URL Settings. - Create a Google Service Account. Make sure to assign a role with access to BigQuery.
- Generate a Private Key for the Google Service Account as JSON type.
- Add the JSON to
OAuthPvtKey
in Connection Properties. - Add the email associated with the Google Service Account to
OAuthServiceAcctEmail
in Connection Properties. - Add the BigQuery project id to
ProjectId
in Connection Properties.
Upgrade and downgrade Splunk DB Connect | Install and configure Splunk DB Connect on a single instance Splunk platform deployment |
This documentation applies to the following versions of Splunk® DB Connect: 3.18.0
Feedback submitted, thanks!