Splunk DB Connect (dbx)
quick start guide (Linux)
Install Splunk DB Connect
After the install you will see the message below. Don't click
"Set up now" just yet if you want to install with just one restart of Splunk. Go to the next slide and install (copy) database drivers.
Install database drivers...
Oracle:
http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-112010-090769.html
MySQL:
http://dev.mysql.com/downloads/connector/j/
Copy ojdbc6.jar and/or mysql-connector-java-5.X.XX-bin.jar to:
$SPLUNK_HOME/etc/apps/dbx/bin/lib/
Now proceed to click "Set up now".
Initial setup
Verify Java home, in this example I'm running on a Rackspace virtual with only 512m ram so I reduced the max heap size to 64m.
Verify the Java bridge server is running:
App --> Splunk DB Connect
Some new options have shown up...
Splunk free version catch 22
The free version of Splunk does not allow authentication. A change needs to be made in your local server.conf. WARNING FOR FREE VERSION: Do not expose the configured Splunk port to the rest of the world, anyone will be able to access your Splunk instance and configured databases! (Falls out of scope of this document, seek help if needed)
$SPLUNK_HOME/etc/system/local/server.conf
[general]
serverName = Web01 # Something like this should already be here
allowRemoteLogin=always # add this line, restart Splunk
Configure a database connection
Test it out.
Configure a database montior (input)