Splunk DB Connect terminology
Also known as role-based access controls (RBAC), access controls comprise a system for defining access policy based on the system rather than the user. Splunk DB Connect uses the RBAC system in Splunk Enterprise, in which you define roles and assign users to them. Users can belong to multiple roles. A user's access to a given resource or action reflects what's specified in the permissive role to which that user belongs. For more information, see Configure security and access controls.
In batch input mode, the app invokes the same query each time and returns all results. Batch input mode is ideal for use with historical data that will not change and will be consumed and indexed once. For more information, see Create and manage database inputs.
A database connection object contains the necessary information for connecting to a remote database. For more information about connection objects, see Create and manage database connections.
A database input object lets you fetch and index data from a database. Database inputs are what enable Splunk Enterprise to query your database, identify the data to consume, and then tag and index the data. Once you've set up a database input, you can use that input just as you do any other data input you have defined in Splunk Enterprise. For more information, see Create and manage database inputs.
A database lookup object enables you to enrich and extend the usefulness of your Splunk Enterprise data by fetching additional data from your external database. For more information, see Create and manage database lookups.
A database output object lets you define how to send data from Splunk Enterprise to a database on a recurring basis. Define database outputs to store your indexed Splunk Enterprise data in a relational database. For more information, see Create and manage database outputs.
An identity object contains database credentials. It comprises the username and obfuscated password that DB Connect uses to access your database. For more information about identity objects, see Create and manage identities.
Permissions indicate the level of access you assign to a role. The access specifies how a user with that role can interact with knowledge objects such as identities and connections in Splunk Enterprise. Read access to an object means that Splunk Enterprise roles are able to use the object. Read-write access to an object means that Splunk Enterprise roles are able to use and modify the object. For more information, see Configure security and access controls.
A rising column input finds the new records you want and returns only those records with each query. When you create a rising column input type, you must specify the rising column. You can use any column whose value increases over time, such as a timestamp or sequential ID, as the rising column. The rising column is how DB Connect keeps track of which records are new. For more information, see Create a database input.
A role is a collection of permissions and capabilities. You assign roles to users in Splunk Enterprise. The roles a user belongs to determine which identity, connection, input, output, and lookup objects that user is able to see and interact with in Splunk DB Connect. For more information, see Configure security and access controls.
A task server enables Splunk DB Connect to send and receive data via JDBC. The task server is an instance of a web server that listens on a dedicated port (9998 by default) for instructions to connect to a database.
A database table is a collection of data organized by intersecting vertical columns and horizontal rows. Rows and columns intersect in cells.
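The difference between batch input mode and a rising column input, as an added example that is not DB Connect's own code: a checkpoint-based fetch against an in-memory SQLite table, run next to a batch fetch. The `audit_log` table, the `RisingInput` class and the sample rows are constructed for illustration. The final step shows why the choice of rising column matters when the data is an audit trail: a row whose timestamp equals the stored checkpoint is never returned.

```python
import sqlite3

def make_db():
    """In-memory table holding constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_log "
               "(id INTEGER PRIMARY KEY, event_ts TEXT, msg TEXT)")
    db.executemany("INSERT INTO audit_log (event_ts, msg) VALUES (?, ?)", [
        ("2024-01-01T00:00:01", "login alice"),
        ("2024-01-01T00:00:02", "login bob"),
    ])
    return db

def batch_fetch(db):
    """Batch mode: the same query on every run, all rows returned each time."""
    return db.execute(
        "SELECT id, event_ts, msg FROM audit_log ORDER BY id").fetchall()

class RisingInput:
    """Rising column mode: keep a checkpoint, return only rows above it."""
    COLUMNS = {"id": 0, "event_ts": 1}  # allow-list; identifiers cannot be bound

    def __init__(self, column, start):
        if column not in self.COLUMNS:
            raise ValueError("unknown rising column")
        self.column, self.checkpoint = column, start

    def fetch(self, db):
        sql = (f"SELECT id, event_ts, msg FROM audit_log "
               f"WHERE {self.column} > ? ORDER BY {self.column} ASC")
        rows = db.execute(sql, (self.checkpoint,)).fetchall()
        if rows:  # advance the checkpoint to the highest value seen
            self.checkpoint = rows[-1][self.COLUMNS[self.column]]
        return rows

def demo():
    """Return row counts (batch, rising on id, rising on event_ts) per run."""
    db = make_db()
    by_id, by_ts = RisingInput("id", 0), RisingInput("event_ts", "")
    first = (len(batch_fetch(db)), len(by_id.fetch(db)), len(by_ts.fetch(db)))
    # A later writer adds a row whose timestamp equals the stored checkpoint.
    db.execute("INSERT INTO audit_log (event_ts, msg) VALUES (?, ?)",
               ("2024-01-01T00:00:02", "sudo bob"))
    second = (len(batch_fetch(db)), len(by_id.fetch(db)), len(by_ts.fetch(db)))
    return first, second

if __name__ == "__main__":
    print(demo())
```

On the second run the batch fetch re-reads all three rows, the sequential-ID input returns only the new row, and the timestamp input returns nothing, so the `sudo bob` event would never be indexed.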
This documentation applies to the following versions of Splunk® DB Connect: 3.4.0, 3.4.1, 3.4.2