About Splunk DB Connect
Splunk DB Connect 3 enables you to combine your structured data from databases with your unstructured machine data, and then use Splunk Enterprise to provide insights into all of that combined data.
When you use Splunk DB Connect, you are creating additional data inputs for Splunk Enterprise. That is, you're giving Splunk Enterprise more sources of data to consume. Splunk DB Connect is what connects your relational database data to Splunk Enterprise and makes that data consumable by Splunk Enterprise. In addition, Splunk DB Connect can do the reverse—write Splunk Enterprise data back to your relational database.
For more information about how DB Connect works, see How Splunk DB Connect works.
What DB Connect can do
Splunk DB Connect allows you to import tables, rows, and columns from a database directly into Splunk Enterprise, which indexes the data. You can then analyze and visualize that relational data from within Splunk Enterprise just as you would the rest of your Splunk Enterprise data.
DB Connect also enables you to output data from Splunk Enterprise back to your relational database. You map the Splunk Enterprise fields to the database tables you want to write to.
DB Connect also performs database lookups, which let you reference fields in an external database that match fields in your event data. Using these matches, you can add more meaningful information and searchable fields to enrich your event data.
Who DB Connect is for
Splunk DB Connect is great for users who:
- Want to quickly get data from a database into Splunk Enterprise.
- Want to perform on-the-fly lookups from data warehouses or state tables within Splunk Enterprise.
- Want to index structured data stored in databases in streams or batches using Splunk Enterprise.
- Want to write Splunk Enterprise data into databases in streams or batches.
- Want to preview data and validate settings such as locale and time zone, rising column and metadata choice, and so on before indexing begins, to prevent accidental duplication or other problems later on.
- Want to scale, distribute, and monitor database read-write jobs to prevent overload and be notified of failure.
- Want to know what databases are accessible to which Splunk Enterprise users, to prevent unauthorized access.
Share data in Splunk DB Connect
This documentation applies to the following versions of Splunk® DB Connect: 3.8.0, 3.9.0, 3.10.0