Splunk® DB Connect

JDBC Driver for MongoDB

Connect to a replica set cluster

In Splunk DB Connect, connecting to a replica set cluster is straightforward, unless you use TLS with self-signed certificates.

JDBC Connection String:

jdbc:standalone-mongodb://<host-1>:<port-1>,<host-2>:<port-2>,<host-3>:<port-3>/<database>?authSource=<auth-database>&replicaSet=<replica-set-group>

TLS with self-signed certificates

In case MongoDB server uses self-signed certificate, we will need to create a TrustStore and add the trusted certificate, then specify it as JVM option.

Create TrustStore

Splunk DB Connect has a default KeyStore used to store trusted certificate but also private keys, as we will need to add the KeyStore password as plain text to JVM options, for safety we should created an additional TrustStore.

1. Create TrustStore with dummy private key entry

keytool -genkeypair -alias dbx -keyalg RSA -keystore truststore.jks -storetype JKS -keysize 2048 -storepass changeme -keypass changeme

2. Delete the dummy private key entry (Optional)

keytool -delete -alias dbx -keystore truststore.jks -storepass changeme

3. Add the trusted certificate.

keytool -importcert -alias mongo -file ca.pem -keystore truststore.jks -storetype JKS -storepass changeme

4. Make sure the trusted certificate has been added.

keytool -list -keystore truststore.jks -storepass changeme

Configure TrustStore in JVM options

Add to Task Server JVM Options and Query Server JVM Options

-Djavax.net.ssl.trustStore=<path-to-truststore> -Djavax.net.ssl.trustStorePassword=<truststore-password>

JDBC Connection String

When creating the connection use the JDBC Connection String as bellow.

jdbc:standalone-mongodb://<host-1>:<port-1>,<host-2>:<port-2>,<host-3>:<port-3>/<database>?authSource=<auth-database>&replicaSet=<replica-set-group>&ssl=true&sslinvalidhostnameallowed=true

Mutual TLS (mTLS)

Splunk DB Connect does not support mTLS to connect to MongoDB. It requires set KeyStore information as JVM option (among others settings), what have high security risks, as the password is exposed in plain text.

Troubleshooting

Hostname validation

Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: No name matching localhost found}, caused by {java.security.cert.CertificateException: No name matching localhost found}}]

To skip hostname validation, you will need to add sslinvalidhostnameallowe=true to the connection string.

Prematurely reached end of stream

Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketReadException: Prematurely reached end of stream}}, {address=localhost:27018, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketReadException: Prematurely reached end of stream}}, {address=localhost:27019, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketReadException: Prematurely reached end of stream}}]

The most common scenario is when only Client Certificate Authentication is supported, make sure you allow user/password authentication using sslAllowConnectionsWithoutCertificate.

Unable to find valid certification path

Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}]

The most common scenario is when MongoDB server use self-signed certificate and the client can not validate it. Make sure javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword are defined as JVM option.

Last modified on 31 January, 2025
Extract fields from JSON column values   Release notes for the JDBC Driver for MongoDB

This documentation applies to the following versions of Splunk® DB Connect: 4.0.0


Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters