Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

Install database drivers

After you've downloaded and installed Splunk DB Connect, the first step in the DB Connect setup process is installing a Java Database Connectivity (JDBC) database driver.
The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on. After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup.

Install new drivers using JDBC Driver add-ons

DB Connect officially supports connecting to databases using JDBC drivers made available through the following Splunk add-ons for DB Connect using specific databases:

To use a JDBC driver from one of the add-ons simply install the add-on following installation instructions and DB Connect will automatically use the JDBC driver provided by the add-on.

If not already installed, you can install JDBC Add-ons directly from the DB Connect application during connection setup. In that case, a pop-up window will appear and you will need to follow the installation instructions. After the driver is installed, it takes approximately 10 seconds for it to be available on the system.


For all supported databases by drivers add-ons, to install the JDBC driver on a Splunk instance, follow these instructions:

  1. Install the JDBC driver add-on for your database, if available.
  2. Reload the driver under Settings>Drivers.

In case of missing add-on for your database please open idea in [http://ideas.splunk.com/IdeasPortal]

Please avoid installation of the same JDBC driver via the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory and a JDBC driver add-on. In such a case the JDBC driver provided by the add-on will take priority over the one in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory

The Java Runtime Environment (JRE) used by your deployment's JAVA_HOME must match the JRE version of the driver that you are installing.

List of supported database should be provided in each JDBC Driver addons

Upgrading add-on from manual install method

The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on. Drivers installed manually can be upgraded to add-on based drivers by using the following procedure:

  1. Remove appropriate manually installed JDBC driver from directory $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
  2. Reload the driver under Settings>Drivers. Check if driver was disabled in drivers list
  3. Install the appropriate JDBC driver from this manual: Install new drivers using DBX Driver add-ons
  4. .

Install unsupported drivers (customer managed only)

In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. You can add custom support to Splunk DB Connect for any database that has a JDBC driver, even if it doesn't appear in the supported database matrix.

Notes:

  • Connecting to a database that is not listed in the supported database matrix is not supported by Splunk Support.
  • At a minimum, Splunk DB Connect supports querying custom database connections. For some custom database connections, certain query-related features may not work.

Installing a custom database is a multi-step process:

  1. Download and install the JDBC driver file.
  2. Add the custom database to db_connection_types.conf.
  3. Troubleshoot or disable connection validation, if necessary.

Download and install the JDBC driver file

Download the JDBC driver for the database you want to add, and copy the .JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).

Add the custom database to db_connection_types.conf

When you add a custom database connection that Splunk DB Connect does not support by default, you must create a stanza to define the database connection in a copy of db_connection_types.conf under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts), for example

 displayName = $your database name$
 serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
 jdbcDriverClass = $JDBC driver class$
 jdbcUrlFormat = $JDBC URI Format$
 ui_default_catalog = $database$

For more information, see Configuration file reference.

Database connection validation

Each time DB Connect uses a database connection, it tries to validate that the database connection is actually working. If validation fails, you might see an error message, such as "ValidateObject failed".

DB Connect uses these two methods to validate a connection:

  1. If a testQuery is specified in db_connection_types.conf, DB Connect executes that query, and receives a response that validates that the connection is working.
  2. If testQuery is not specified, DB Connect uses the Java method connection.isValid(), and relies on the JDBC driver to answer. Some JDBC drivers do not implement this API call. (For instance, Apache Derby was built against Java 1.5, where JDBC doesn't have the method isValid.) The workaround is to specify a manual testQuery, such as SELECT 1.

After you add the custom database driver, continue with either the single server or distributed deployment instructions.

Enable SSL for your database connection

DB Connect has built-in support for connecting via SSL to several supported databases. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.

If you want to deploy DB Connect in Splunk Cloud. You must enable SSL connection for your database. See supported database matrix for the database supported for cloud deployment.

DB Connect will detect whether it supports SSL for your database type,

  • If DB Connect supports SSL connections for your database type, enabling an SSL connection is easy. When you create a new database connection, select the Enable SSL checkbox.
  • If DB Connect does not natively support SSL for your database type, you cannot select the Enable SSL checkbox in connection settings, it is grey out. However, you can add in SSL support by selecting Edit JDBC URL and editing the URL. Be aware that Splunk cannot certify that databases for which DB Connect does not have native support for SSL will connect via SSL correctly. Splunk Support will not help you troubleshoot such connections.

The possibility to configure one-way SSL authentication from the UI was added for MySQL, MSSQL and Oracle databases. While creating a connection users will be able to pass a certificate which will be automatically added to the Java TrustStore and used for the server authentication. If the Enable SSL checkbox will be selected, but the certificate field would be empty - DB Connect will ignore it and work as before.

To improve security following some properties have been removed from the default connection properties. The full list of changes can be found below.

  1. MySQL - {"verifyServerCertificate":"false"}
  2. MS-SQL Server Using MS Generic Driver - {"trustServerCertificate":"true"}
  3. MS-SQL Server Using MS Generic Driver With Windows Authentication - {"trustServerCertificate":"true"}
  4. MS-SQL Server Using MS Generic Driver With Kerberos Authentication - {"trustServerCertificate":"true"}
  5. Oracle - {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
  6. Oracle Service - {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
  7. PostgreSQL - {"sslfactory":"org.postgresql.ssl.NonValidatingFactory"}
  8. AWS RedShift - {"verifyServerCertificate":"false"}
  9. AWS RedShift version 2.0 - {"verifyServerCertificate":"false"}
  10. AWS RDS Aurora - {"verifyServerCertificate":"false"}
  11. Hive - {"verifyServerCertificate":"false"}
  12. Spark SQL - {"verifyServerCertificate":"false"}

If you still want to use them, they can be added to connection_properties in the connection definition, or defined in the jdbcUrl.


Use a different default driver for your database

You can change the driver that DB Connect uses for your database type. This can be useful if you want to use a custom driver to connect to your database. To change the driver, you edit the db_connection_types.conf file.

First, get the JDBC driver vendor's Java driver class name. For example, the class name of the Microsoft JDBC Driver for SQL Server is com.microsoft.sqlserver.jdbc.SQLServerDriver. Once you've found the correct Java class name, do the following:

  1. Using a text editor, open the db_connection_types.conf from within $SPLUNK_HOME/etc/apps/splunk_app_db_connect/default/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\default on Windows hosts).
  2. Find the stanza for the database type for which you want to configure a custom driver, select it, and then type Ctrl-C or Command-C to copy it.
  3. Create a new db_connection_types.conf file (if one doesn't already exist) in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts). If the file is a new file, open it and type [local] and then two new lines.
  4. Paste in the database stanza you copied from the default db_connection_types.conf file.
  5. Change the entry next to jdbcDriverClass to match the Java class name for your custom driver.
  6. If you want to retain the ability to choose the original database driver, change the name of the stanza and update the displayName attribute to differentiate it from the original driver.
  7. Restart Splunk Enterprise.


Supported databases

Splunk DB Connect supports the databases listed in the following matrix.

  • The driver listed in the JDBC driver name/link column is the driver that Splunk has tested with Splunk DB Connect.
  • DB Connect supports and has been tested with Java cryptography standard algorithm, if you need a stronger algorithm, you must install the "JCE Unlimited Strength Jurisdiction Policy Files." Legal restrictions may apply in your country. See Java Security Providers and JCE Download pages for details. Consult your database vendor's documentation for configuration instructions.

Supported databases by JDBC Add-Ons

JDBC driver Add-Ons provides in documentation what version of java and database supports.

Database Name JDBC driver Add-on JDBC driver Addon Documentation SSL support*
AWS RDS Aurora Splunk Add-on for MySQL JDBC JDBC Add-on for MySQL Documentation Yes
AWS RedShift Splunk Add-on for Redshift JDBC JDBC Add-on for RedSift Documentation Yes
MemSql Splunk Add-on for MySQL JDBC JDBC Add-on for MySQL Documentation Yes
Oracle Database Splunk Add-on for Oracle JDBC JDBC Add-on for Oracle Documentation Yes
MySQL Splunk Add-on for MySQL JDBC JDBC Add-on for MySQL Documentation Yes
Postgres Splunk Add-on for Postgres JDBC JDBC Add-on for Postgres Documentation Yes
Snowflake Splunk Add-on for Snowflake JDBC JDBC Add-on for Snowflake Documentation Yes
Microsoft Sql Server Splunk Add-on for Microsoft Sql Server JDBC JDBC Add-on for Microsoft Sql Server Documentation Yes
IBM DB2 Splunk Add-on for DB2 JDBC JDBC Add-on for DB2 Documentation Yes
InfluxDB Splunk Add-on for InfluxDB JDBC JDBC Add-on for InfluxDB Documentation Yes
MongoDB Splunk Add-on for MongoDB JDBC JDBC Add-on for MongoDB Documentation Yes

Other Supported Databases

Database Database version JDBC driver name JDBC driver version tested SSL support* Cloud support**
AWS RedShift 1.0.1044 RedshiftJDBC41-1.2.1.1001.jar

Not compatible with RedshiftJDBC42-1.2.1.1001.jar.

1.1 Yes No
Informix 12.10.FC5TL Informix JDBC Driver 3.0 Yes No
SAP SQL Anywhere (aka Sybase SA) 16.0.0.1948 Sybase jConnect 7.0 No No
Sybase ASE 16.0.02.00.1014 Sybase jConnect 7.0 No No
Sybase IQ 15.4.1.3019 Sybase jConnect 7.0 No No
Hive 3.2.4 Cloudera JDBC Driver

Simba JDBC Driver

2.6.5

2.6.13

No No
Google BigQuery ODBC and JDBC drivers for BigQuery 1.5.4.1008 Yes

* SSL support: This column specifies whether DB Connect tests and supports Secure Sockets Layer (SSL) connections to this database. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.
** Cloud support: This column specifies whether the database is supported for Splunk Cloud. You must enable SSL connection if you want to use DB Connect in a Splunk Cloud deployment.

Useful information about drivers configuration

Notes:

  • Your database connection must be set up to return results encoded in UTF-8. Consult your database vendor's documentation for instructions.
  • DB Connect supports sending data that is in a multi-byte character set, such as Traditional Chinese, using a database output. Depending on your database, you may need to change certain settings on the database side to the database to properly receive and store the data. See Enable output to multi-byte character sets.

IBM DB2

IBM DB2 is supported when the database is running on Linux. Splunk doesn't test or support DB2 on AS/400 or Windows.

Note: IBM DB2 is only supported when the database is running on Linux. Splunk doesn't test or support DB Connect with DB2 on AS/400 or on Windows.
If you want to use GSS API security mechanisms in IBM DB2, download Java Cryptography Extension (JCE) Policy to your $JRE_Installation_Path/jre/lib/security and set the encryptionAlgorithm parameter of JDBC URL as

jdbcUrlFormat = jdbc:db2://<host>:<port>/<database>:securityMechanism=9;encryptionAlgorithm=2;

Follow these instructions to install the DB2 JDBC Driver:

  1. Go to DB2 JDBC Driver Versions and Downloads on the IBM website, and click the link for the latest DB2 Version 10.5 driver.
  2. Click the Download link for the IBM Data Server Driver for JDBC and SQLJ (JCC Driver).
  3. Select the newest fix pack, and then click Continue. You will need to log in with your IBM ID, or create one if you don't already have one.
  4. Click the Download using your browser (HTTPS) radio button, and then Continue.
  5. Right-click the file name, and then save it to your hard disk.
  6. Expand the downloaded file, and then expand the db2_db2driver_for_jdbc_sqlj.zip file.
  7. Copy or move the db2jcc4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  8. Reload the driver under Settings>Drivers.

For additional information, see the Installing and Connecting to Clients documentation on the IBM website.

Hive

We support connecting to Hive using two database drivers: Simba and Cloudera

  • For Simba, the procedure involves requesting a trial or purchasing the driver. After obtaining the license, it will be sent to you, and you'll need to follow attached instructions to activate it.


Microsoft SQL Server

You have several options for connecting to a Microsoft SQL Server. Start by determining:

  • Which operating system (Windows or Linux) is running Splunk DB Connect.
  • Which driver you want to use.
  • How your database server authenticates your connection.

See Legends below the table for a more detailed explanation.

Follow this table from left to right, choosing the options that correspond to your Microsoft SQL Server environment. For more information about the meaning of each column, see the legend that follows the table.

Operating System* Driver** Authentication*** How to configure the connection
Windows Splunk DBX Add-on for Microsoft SQL Server JDBC SQL Authentication Configure SQL Server connection using SQL server authentication
Windows Authentication Configure SQL Server connection using Windows authentication
Microsoft Entra ID Authentication Configure Azure SQL Database connection using Microsoft Entra ID Authentication
Linux Splunk DBX Add-on for Microsoft SQL Server JDBC SQL authentication Configure SQL Server connection using SQL server authentication
Kerberos authentication Configure SQL Server connection using Kerberos authentication
Microsoft Entra ID Authentication Configure Azure SQL Database connection using Microsoft Entra ID Authentication

Legend

* Operating System: The operating system on which DB Connect is running. DB Connect is supported on both Linux and Windows Server.


** Driver: The JDBC driver that DB Connect will use to connect to your database:
*** Authentication: The type of service account that DB Connect will use to connect to your database:
  • SQL Authentication: Log into SQL Server as a SQL Server user. This option assumes you will create an identity that uses a username and password that is defined on the database.
  • Windows Authentication: Log into SQL Server as a Microsoft Integrated Windows Authentication user ("domain user"). This assumes that you are creating an identity that uses a domain, user name, and password to connect to the database, and that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.
  • Kerberos Authentication: DB Connect uses a Kerberos client (Linux) to negotiate an authentication ticket with the Active Directory environment directly. This assumes that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.

Install the SQL Server database driver using a SQL server authentication

If you will log onto your SQL Server database using a SQL Server username and password (non-domain attached), follow these instructions:

Install the SQL server database driver

To install the Microsoft JDBC Driver for SQL Server, please follow these instructions:

  1. Install the MSSQL JDBC driver add-on.
  2. Reload the driver under Settings>Drivers.


To install the SQL Server database driver in an on prem Splunk instance or to install a different version of the SQL Server Database driver than available via the add-on in a Splunk instance, please follow these instructions:

  1. Download the appropriate JDBC driver for SQL Server:
  2. Move the driver file to the correct location:
    • For the MS Generic Driver, from inside the zip file, copy or move the proper jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
    • If you will need to use a database service account on Windows with the Generic driver, you will also need to install the JDBC Auth library:
      1. From the Microsoft JDBC Driver for SQL Server download, locate the .dll file.
      2. Copy the .dll' file to C:\Windows\System32 on your Splunk Enterprise server.
      3. From the Windows Control Panel, go to Services, and then get properties on Splunk Service.
      4. Click the Log On tab, and then change the Log on as setting from the Local System account to that of the logged on domain user.

        Note: The domain user should have sufficient privileges to access the SQL Server instance.

      5. Save your changes, and then restart the Splunk Enterprise server for the changes to take effect.

When you create a connection to this database in DB Connect, you must choose MS-SQL Server Using MS Generic Driver from the Connection Types popup menu.

Install the SQL Server database driver using the MS Generic driver with Kerberos authentication

If you're running DB Connect on Linux, you can connect to a Microsoft SQL Server using a Windows domain and user name by enabling Kerberos authentication.

Before starting the following procedure:

  1. See the instructions on how to Install the appropriate JDBC driver for SQL Server
  2. Enable Kerberos on the Microsoft SQL Server.
  3. Now complete the following steps to enable DB Connect to use Kerberos authentication to connect to your SQL Server database:

    1. First, get the domain name:
      1. Log onto the Windows server that is running your SQL Server database.
      2. At the command line, run systeminfo, and then copy down the domain name (next to the Domain: label).
    2. Next, get the Kerberos Distribution Center (KDC) information:
      1. From the command line, run the following, replacing <domain> with the domain name you copied in the previous step:
        nltest /DSGETDC:<domain>
      2. Copy down the name of the domain controller, which is next to the DC: label. This is the KDC host name.
    3. Back on the machine running DB Connect, use the kinit command to generate a krb5.conf file, which Kerberos will use to authenticate with the SQL Server for DB Connect.
      1. First, install kinit by entering the following at the command line:
        apt-get install krb5-user
        If you are prompted to enter a realm, enter the domain name you obtained in Step 1, but in all upper-case letters. For example, if your domain is abc.dbx, you'd enter ABC.DBX.
      2. Next, use kinit to initialize the Kerberos ticket cache. Enter the following at the command line, replacing <username> with the appropriate user name (such as Administrator) and <DOMAIN> with the domain name, in upper-case letters:
        kinit <username>@<DOMAIN>

        The krb5.conf has been generated in the /etc directory.

        Note: If the krb5.conf file is not in the /etc directory, set the following option in JVM Options under the Settings tab: -Djava.security.krb5.conf=/path/to/krb5.conf

    4. Create an identity in DB Connect.
      1. Select New Identity under Explorer > Identities.
      2. Enter Identity Name, Username, Password, and then click save.
        • Username: Enter the username of your Kerberos account. If you don't select Use Windows Authentication Domain?, you have to append @<DOMAIN> at the end of the username, e.g. Administrator@<DOMAIN>
        • Password and Confirm Password: Enter the password of your Kerberos account.
        • Use Windows Authentication Domain?: If you select it, you have to enter the <DOMAIN> in Windows Authentication Domain field, then you don't have to append @<DOMAIN> at the end of the Username.
        Note: You can add multiple identities if you need to use the different users to do the Kerberos authentication.
    5. Create a new connection in DB Connect as you normally would, keeping in mind the following:
      • Database Types: Be sure to choose MS-SQL Server Using MS Generic Driver with Kerberos Authentication from the popup menu.
      • JDBC URL Format: Once you've entered all the necessary connection information, add the following to the JDBC URL string to enable DB Connect to use the Kerberos authentication you just set up:
        • integratedSecurity=true
        • authenticationScheme=javaKerberos

      After you're finished, the field should contain the following:

      jdbc:sqlserver://<host>:<port>;databaseName=<database>;selectMethod=cursor;integratedSecurity=true;authenticationScheme=javaKerberos

Note: To debug Kerberos authentication, set the following option in JVM Options under the Settings tab: -Dsun.security.krb5.debug=true


Configure Azure SQL Database connection using Microsoft Entra ID Authentication

Currently Splunk DB Connect support connections to Azure SQL Database with Microsoft Entra ID Authentication using Splunk DBX Add-on for Microsoft SQL Server JDBC, it includes the Microsoft Authentication Library for Java (MSAL4J).

When creating a connection select the connection type with name: Azure SQL Database Using Microsoft Entra Password Authentication.

For more details about how to configure Microsoft Entra Authentication for Azure SQL Database follow the official guide: Microsoft Entra server principals

Multiple SQL Server instances

If you have multiple instances of Microsoft SQL Server installed on your server, you will need to edit the JDBC connection string to add a parameter that explicitly references the instance you want to contact.

  1. Follow the instructions in "Override db_connection_types.conf" to make a copy of the db_connection_types.conf file in the local directory and copy the stanza for the Microsoft SQL Server driver you're using into the file.
  2. Edit the jdbcUrlFormat or jdbcUrlSSLFormat (if you're connecting using SSL) setting by appending it with the following: ;instanceName=
  3. Set the instanceName parameter to the name of the instance you want to connect to. For example:
    jdbc:sqlserver://dbx-sqlserver.mydomain.com:1433;databaseName=master;instanceName=test
  4. Save and close the file, and then Reload the driver under Settings>Drivers

After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup. If you've already set up DB Connect and are adding a new database, click Settings in the top navigation bar and then the Driver tab to view the driver status. If you have trouble, see "Troubleshoot driver connections."


Sybase ASE, SAP/Sybase SA, and SAP/Sybase IQ

Follow these instructions to download and install the jConnect for JDBC driver for Sybase Adaptive Server Enterprise (ASE), SAP/Sybase SQL Anywhere, and SAP/Sybase IQ:

  1. Go to the SAP software downloads page and log in.
  2. Search for and download the jConnect package.
  3. Expand the file you just downloaded and locate the jconn4.jar file inside the classes directory.
  4. Copy or move the jconn4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
  5. Reload the driver under Settings>Drivers.

Spark SQL

Your Spark instance must be running the Thrift JDBC/ODBC service before Splunk will be able to connect to it. Follow these instructions to install the Simba Spark JDBC driver:

Note: SparkSQL support requires Thrift server setup for JDBC http://spark.apache.org/docs/latest/sql-programming-guide.html#running-the-thrift-jdbcodbc-server

  1. Go to the Spark JDBC Driver page on the Simba website.
  2. Click and download the ZIP file for the latest version of the driver. You can download a free 30 day trial or purchase it.
  3. Expand the Simba_Spark_JDBC_Desktop.zip file you just downloaded. There are two zip files in the Simba_Spark_JDBC_Desktop.zip folder, expand SimbaRTU_SparkJDBC41_Client_1.0.2.1004.zip.
  4. Copy all the SparkJDBC41.jar file to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and the other .jar files under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/SparkJDBC41-libs.
  5. Copy your Spark JDBC driver license file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  6. Save and restart RPC server under Settings > General Settings.

Teradata

Follow these instructions to install the Teradata JDBC Driver:

  1. Go to the Teradata JDBC Driver page on the Teradata website.
  2. Click the link to download the ZIP or TAR file for the latest version of the driver. You need to log in with your Teradata user account.
  3. Expand the file you just downloaded.
  4. From inside the TeraJDBC_... directory, copy or move the two .JAR files (terajdbc4.jar to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and tdgssconfig.jar to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/terajdbc4-libs) directory.
  5. Reload the driver under Settings>Drivers.

For more information, including how to use the tdgssconfig.jar file, see the readme.txt file inside the TeraJDBC_... directory, or the Teradata JDBC Driver Reference.

Oracle

Follow these instructions to install the Oracle JDBC Driver in a Splunk instance:

  1. Install the Oracle JDBC driver add-on.
  2. Reload the driver under Settings>Drivers.

To install the Oracle JDBC driver in a different version of the Oracle JDBC driver than available via the add-on in a Splunk instance, please follow these instructions:

  1. Go to the Oracle JDBC Driver Downloads page.
  2. After you have downloaded the correct driver for your database, copy the .JAR driver file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts). If you want to use ojdbc7 to parse XML data type, add xmlparserv2.jar as a dependency
  3. Reload the driver under Settings>Drivers.

For users of Oracle 11g, the SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, and SSL_DH_anon_WITH_DES_CBC_SHA cipher suites are disabled by default in Java 8. To allow these cipher suites, see the Test or Revert changes to Oracle's JDK and JRE Cryptographic Algorithms section of the Java documentation.

Connect to Oracle using SSL

You can connect to an Oracle database using Secure Sockets Layer (SSL) 3.0 (TLS) in three ways:

  • Without using SSL authentication: Neither client (DB Connect) nor server verifies each other's certificate authority (CA).
  • Using one-way SSL authentication: The client verifies the server's CA.
  • Using two-way SSL authentication: Both client and server verify each other's CA.

If you are using one-way or two-way authentication, you will need to have set up an Oracle wallet on the server. Oracle wallets store credentials for connecting to Oracle databases. An Oracle wallet is not required on the client if you're not using SSL authentication.

The basic steps for setting up one of these SSL connections are:

  1. Configure Oracle wallets:
    1. Create and configure a server wallet.
    2. Create and configure a client wallet.
    3. Enable the auto-login feature.
  2. Enable SSL and configure settings on the Oracle database server:
    1. Set the server's auto-login Oracle wallet location in the sqlnet.ora and listener.ora files.
  3. Configure DB Connect:
    1. Copy JDBC drivers to the appropriate DB Connect directory.
    2. Create a database connection using the correct JDBC URL.
    3. Specify the wallet location in your connection's stanza within the db_connections.conf file or add a connection property from the user interface. The property name should be oracle.net.wallet_location and the value should point to the wallet directory.

Configure Oracle wallets

First, create and configure standard wallets for both the server and client using Oracle Wallet Manager, and enable the auto-login feature. Do one of the following:

Make a note of the location of your Oracle wallets, particularly if you changed the default location.

After following the appropriate set of Oracle instructions, you will have created your Oracle wallets, imported the appropriate certificates into your wallets, and set the auto-login feature for your wallets. Be sure that, if you are setting up either one-way or two-way authentication, you have a wallet on both the DB Connect machine and the Oracle server. The DB Connect machine's wallet should contain the server wallet's CA.

Splunk DB Connect does not have any built-in functionality to help configure Oracle Wallet. Oracle Wallet can be configured due to JDBC driver capabilities and Oracle Database support, etc.

Enable SSL and configure settings on the Oracle database server

Next, enable and configure SSL on the Oracle database server by adding the path to your server wallet to the sqlnet.ora and listener.ora files:

  1. On your Oracle database server, navigate to the .../network/admin directory. For example: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin
  2. Edit the sqlnet.ora file and add the following, changing the DIRECTORY path to the path to the server wallet:
    WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path/))) 
  3. In the same file, set SSL_CLIENT_AUTHENTICATION to FALSE if you're either connecting with no SSL authentication or with one-way SSL authentication. Set SSL_CLIENT_AUTHENTICATION to TRUE if you're connecting with two-way SSL authentication. For more information, see Configuring Secure Sockets Layer Authentication in the Oracle Database Advanced Security Administrator's Guide.
  4. In the same directory, edit the listener.ora file. Add the same wallet location and set SSL_CLIENT_AUTHENTICATION in the same way.
  5. Save and close both files.

Set up the SSL connection using a cipher suite:

  • For no SSL authentication, use an anonymous Diffie-Hellman key exchange.
  • For one-way or two-way SSL authentication, use a cipher suite like RSA or standard DH.

Configure DB Connect and enable an SSL connection on the client

Now, configure DB Connect. Start by copying the JDBC drivers to the appropriate DB Connect directory:

  1. On the Oracle server, navigate to $ORACLE_HOME/jlib.
  2. Using your network or removable media, copy ojdbc6.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts) on the machine running DB Connect, and then copy the following .jar files under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ojdbc6-libs directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers\ojdbc6-libs on Windows hosts)
    • oraclepki.jar
    • ojpse.jar
    • osdt_cert.jar
    • osdt_core.jar

(Optional) Connect to Oracle RDS over SSL

Use the following steps to connect to Oracle RDS over SSL.

  1. Open a command line window, and enter the following information;
    openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
    keytool -import -alias rds-root -keystore keystore/default.jks -file rds-ca-2019-root.der
    keytool -list -v -keystore
    <pre>
    </li>
    <li>Navigate to <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/default</code>, and make a copy of <code>db_connection_types.conf</code>.</li>
    <li>Navigate to <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local</code>, and paste the copy of <code>db_connection_types.conf</code>.</li>
    <li>In <code>$SPLUNK_HOME/etc/apps/splunk_app_db_connect/local</code>, open <code>db_connection_types.conf</code> using a text editor.</li>
    
    <li>For every connection type that you use, add or replace the following parameter:
    <pre>
    connection_properties =
    
    {"javax.net.ssl.trustStore": "<path>/splunk_app_db_connect/keystore/default.jks", "javax.net.ssl.trustStoreType": "JKS", "javax.net.ssl.trustStorePassword": "changeme"}
    
  2. Restart your Splunk platform instance.

Next, set up a new identity, and then a new connection:

  1. Follow the instructions in Create and manage database connections to set up a new connection.
  2. Use your server information to set up the connection, and be sure to select the Enable SSL checkbox.
  3. When you get to the JDBC URL Format field, click the "Click here" link beneath the field to edit the JDBC URL.
  4. In the JDBC URL Format field, paste the following:
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername )(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))
  5. Save the connection.
  6. Go to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local, and edit the db_connections.conf file.
  7. Find the connection stanza with the name you gave it, and edit the connection_properties argument.
    Here is an example:
    connection_properties = {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}
    Note: connection_properties is in JSON format, it represents JDBC connection properties. The properties you defined here need to be consistent with what you configured in Database. See JDBC with Oracle 12c Database for more information.
  8. Save and close the db_connections.conf file.


Google BigQuery

When creating a new connection, select Google BigQuery Using Simba JDBC Driver connection type. This preconfigured connection is ready to use with a Google Service Account authentication. Please note that the identity field is optional, you can leave it blank.

Configure the JDBC Driver

  1. Download the JDBC driver from ODBC and JDBC drivers for BigQuery.
  2. Extract the contents of the .zip.
  3. Copy GoogleBigQueryJDBC42.jar to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers.
  4. Create a directory with name GoogleBigQueryJDBC42-libs under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers.
  5. Copy the others files to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/GoogleBigQueryJDBC42-libs.
  6. Restart Splunk.

Configure the Connection

  1. Add https://www.googleapis.com/bigquery/v2 to Host in JDBC URL Settings.
  2. Create a Google Service Account. Make sure to assign a role with access to BigQuery.
  3. Generate a Private Key for the Google Service Account as JSON type.
  4. Add the JSON to OAuthPvtKey in Connection Properties.
  5. Add the email associated with the Google Service Account to OAuthServiceAcctEmail in Connection Properties.
  6. Add the BigQuery project id to ProjectId in Connection Properties.
Last modified on 02 October, 2024
Upgrade and downgrade Splunk DB Connect   Install and configure Splunk DB Connect on a single instance Splunk platform deployment

This documentation applies to the following versions of Splunk® DB Connect: 3.18.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters