Database
Splunk App for Stream supports capture of these Database protocols on Linux, Mac, and Windows. For more information see Configure Streams in the Splunk App for Stream User Manual.
MYSQL
My Structured Query Language
Name | Description | Term |
---|---|---|
src_ip | Client IP Address | flow.c-ip |
dest_ip | Server IP Address | flow.s-ip |
src_port | Client port number | flow.c-port |
dest_port | Server port number | flow.s-port |
src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
packets_in | The total number of packets sent from client to server | flow.cs-packets |
packets_out | The total number of packets sent from server to client | flow.sc-packets |
ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
bytes | The total number of bytes transferred | flow.bytes |
time_taken | Number of microseconds that it took to complete a flow event, from the end user's perspective | flow.time-taken |
request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
reply_time | Number of microseconds that it took the server to start replying to a request | flow.sc-reply-time |
response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
ssl_version | SSL protocol version used for encryption, or undefined if not encrypted | flow.ssl-version |
sql_error_code | SQL error code | database.sql-error-code |
client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
refused | Number of requests that were refused by the server | flow.refused |
canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
transport | Transport layer protocol (udp or tcp) | flow.transport |
dbname | Database name | mysql.dbname |
login | User's login string | mysql.login |
query | Query String | mysql.query |
Postgres
PostgreSQL
Name | Description | Term |
---|---|---|
src_ip | Client IP Address | flow.c-ip |
dest_ip | Server IP Address | flow.s-ip |
src_port | Client port number | flow.c-port |
dest_port | Server port number | flow.s-port |
src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
packets_in | The total number of packets sent from client to server | flow.cs-packets |
packets_out | The total number of packets sent from server to client | flow.sc-packets |
ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
bytes | The total number of bytes transferred | flow.bytes |
time_taken | Number of microseconds, from the end user perspective, that it took to complete a flow event | flow.time-taken |
request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
reply_time | Number of microseconds that it took the server to start a reply to a request | flow.sc-reply-time |
response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
ssl_version | SSL protocol version used for encryption, or undefined if not encrypted | flow.ssl-version |
data_center_time | Number of microseconds from the last request packet to the last response packet | flow.data-center-time |
client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
refused | Number of requests that were refused by the server | flow.refused |
canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
transport | Transport layer protocol (udp or tcp) | flow.transport |
auth_type | Authentication method requested by the server | postgres.auth-type |
dbname | Database name | postgres.dbname |
error | Error message | postgres.error |
login | User's login string | postgres.login |
password | User's password string | postgres.password |
proto_version | Protocol version | postgres.proto-version |
query | Query sent | postgres.query |
server_version | Server version | postgres.server-version |
sql_error_code | SQL error code | database.sql-error-code |
TDS (Sybase/MS SQL Server)
Tabular Data Stream
Name | Description | Term |
---|---|---|
src_ip | Client IP Address | flow.c-ip |
dest_ip | Server IP Address | flow.s-ip |
src_port | Client port number | flow.c-port |
dest_port | Server port number | flow.s-port |
src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
packets_in | The total number of packets sent from client to server | flow.cs-packets |
packets_out | The total number of packets sent from server to client | flow.sc-packets |
ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
bytes | The total number of bytes transferred | flow.bytes |
time_taken | Number of microseconds that it took to complete a flow event, from the end user's perspective | flow.time-taken |
request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
reply_time | Number of microseconds that it took the server to start replying to a request | flow.sc-reply-time |
response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
ssl_version | SSL protocol version used for encryption, or undefined if not encrypted | flow.ssl-version |
data_center_time | Number of microseconds from the last request packet to the last response packet | flow.data-center-time |
client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
refused | Number of requests that were refused by the server | flow.refused |
canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
transport | Transport layer protocol (udp or tcp) | flow.transport |
application | Name of application used to connect to the database | tds.application |
dbname | Name of the used database | tds.dbname |
hostname | Name of workstation communicating with the SQL server | tds.hostname |
language | User locale | tds.language |
library | Name of network dynamic-link library used | tds.library |
login | User's login string | tds.login |
password | User's password string | tds.password |
query | SQL query sent by the user | tds.query |
server | Name of server hosting the SQL Server | tds.server |
sql_result_codes | A list of SQL result codes reported by the server | database.sql_error-code-int |
TNS (Oracle)
Transparent Network Substrate
Name | Description | Term |
---|---|---|
src_ip | Client IP Address | flow.c-ip |
dest_ip | Server IP Address | flow.s-ip |
src_port | Client port number | flow.c-port |
dest_port | Server port number | flow.s-port |
src_mac | Client packets MAC address in hexadecimal format | flow.c-mac |
dest_mac | Server packets MAC address in hexadecimal format | flow.s-mac |
packets_in | The total number of packets sent from client to server | flow.cs-packets |
packets_out | The total number of packets sent from server to client | flow.sc-packets |
ack_packets_in | The number of acknowledgement packets sent from client to server | flow.cs-ack-packets |
ack_packets_out | The number of acknowledgement packets sent from server to client | flow.sc-ack-packets |
missing_packets_in | The number of missing packet gaps detected within the request | flow.cs-missing-packets |
missing_packets_out | The number of missing packet gaps detected within the response | flow.sc-missing-packets |
duplicate_packets_in | The number of duplicate packets sent from client to server | flow.cs-duplicate-packets |
duplicate_packets_out | The number of duplicate packets sent from server to client | flow.sc-duplicate-packets |
data_packets_in | The number of data packets sent from client to server | flow.cs-data-packets |
data_packets_out | The number of data packets sent from server to client | flow.sc-data-packets |
bytes_in | The number of bytes sent from client to server | flow.cs-bytes |
bytes_out | The number of bytes sent from server to client | flow.sc-bytes |
bytes | The total number of bytes transferred | flow.bytes |
time_taken | Number of microseconds that it took to complete a flow event, from the end user's perspective | flow.time-taken |
request_time | Number of microseconds that it took the client to send a request | flow.cs-send-time |
request_ack_time | Number of microseconds that it took the server to acknowledge receipt of the request | flow.cs-ack-time |
reply_time | Number of microseconds that it took the server to start replying to a request | flow.sc-reply-time |
response_time | Number of microseconds that it took the server to send a response | flow.sc-send-time |
response_ack_time | Number of microseconds that it took the client to acknowledge receipt of the response | flow.sc-ack-time |
ssl_time | Number of microseconds that it took to negotiate an SSL handshake | flow.ssl-time |
ssl_version | SSL protocol version used for encryption, or undefined if not encrypted | flow.ssl-version |
data_center_time | Number of microseconds from the last request packet to the last response packet | flow.data-center-time |
client_rtt | Average round trip time in microseconds from the client to the point of capture | flow.cp-rtt |
server_rtt | Average round trip time in microseconds from the server to the point of capture | flow.ps-rtt |
client_rtt_sum | Sum of all round trip time measurements from the client to the point of capture | flow.cp-rtt-sum |
server_rtt_sum | Sum of all round trip time measurements from the server to the point of capture | flow.ps-rtt-sum |
client_rtt_packets | Number of round trip measurements from the client to the point of capture | flow.cp-rtt-packets |
server_rtt_packets | Number of round trip measurements from the server to the point of capture | flow.ps-rtt-packets |
refused | Number of requests that were refused by the server | flow.refused |
canceled | Number of HTTP responses that were canceled early by the client | flow.canceled |
connection | TCP session server endpoint (IP address and TCP port) | flow.connection |
tcp_status | TCP handshake status (0=OK, 1=RESET, 2=IGNORED) | flow.tcp-status |
protocol | Level 7 protocol name (http, ftp, etc.) | flow.protocol |
transport | Transport layer protocol (udp or tcp) | flow.transport |
dbname | Name of accessed database | tns.dbname |
client_hostname | Client machine hostname | tns.client-hostname |
client_os | Client machine operating system | tns.client-os |
client_program_name | Client program name | tns.client-program-name |
client_program_path | Client program absolute path | tns.client-program-path |
login | User's login string | tns.login |
password | User's password string | tns.password |
query | Database query | tns.query |
hostname | Database server hostname | tns.server-hostname |
server_os | Database server operating system | tns.server-os |
version | Version number of Oracle server | tns.version |
sql_error_code | SQL error code | database.sql-error-code |
Authentication |
This documentation applies to the following versions of Splunk Stream™: 7.3.0, 7.4.0, 8.0.0
Feedback submitted, thanks!