Splunk® DB Connect

Splunk® DB Connect
Fac t S h e e t
Splunk® DB Connect
Reliable, scalable, real-time integration
to relational databases
Hi g h li g h t s
• Enrich Splunk search results with structured data
from relational databases
• Explore and browse database schemas and tables
• Import and index data from relational databases
for analysis and visualization in Splunk
• Connect new databases in minutes and scale to
multiple concurrent databases
Integrate Splunk® Enterprise to
Relational Databases
Splunk DB Connect delivers reliable, scalable, real-time
integration between Splunk Enterprise and traditional relational
databases. Integrate structured data from relational databases
with data in Splunk Enterprise to drive deeper levels of analysis
and operational intelligence.
With Splunk DB Connect you can lookup data in relational
databases to enrich Splunk search results with business context.
Explore and browse database schemas and tables before deciding
to import data into Splunk. Import data from relational databases
into Splunk for more comprehensive analysis.
Splunk Tail command can be use to detect updated or new rows in
the database by referencing time stamp values. Splunk DB Connect
also enables you to import data via periodic snapshots of the
database—where database tables are recorded from a single point
in time. Grant user permissions to query only certain databases and
restrict connections to read-only mode. Allow the input and output
of data to be effectively unlimited to work with large data sets.
Splunk DB Connect supports streaming and batch modes.
Connection Pooling and Caching – For faster performance
Splunk DB Connect includes a Java Bridge Server. The Java
Bridge Server is a Java Virtual Machine constantly running in the
background. It provides many performance-enhancing options,
including the ability to: execute multiple database commands that
can run concurrently, run multiple active database connections,
cache table metadata information, size the thread pool for
database querying and cache the database lookup definitions.
Search Language Extensions – Splunk software lets users search
and navigate their data from one place. Splunk DB Connect
includes search language extensions that can be executed directly
from the Splunk user interface. Dbquery and Dbinfo are Splunk
search commands that enable you to execute database queries
directly from the Splunk Enterprise user interface. Dbinfo fetches
schema information from the database. Dbquery performs SQL
queries and presents the results as Splunk visualizations. For
example, dbquery database=ASSETDB “SELECT hostname,
owner, department from host_information WHERE location
LIKE ‘%NY%.’”
Key Features and Benefits
Splunk DB Connect provides the following core features:
Database Lookup – Enrich machine-generated data by adding
structured data from relational databases. By using Splunk
Enterprise and Splunk DB Connect, key values contained in
machine data can be used to reference related business data in
relational databases, such as device addresses, product codes,
media identifiers, etc. For example, telecom providers have the
ability to combine real-time service activation data with profile
data from a customer master database to understand what types
of customers are purchasing what types of plans – enabling indepth real-time sales and customer analytics not possible before.
Explore Database Schemas – Browse and navigate database
schemas and tables from the Splunk DB Connect user interface
before deciding to import data into Splunk. View schemas, table
names and user permissions, all from within the Splunk user
interface. Splunk DB Connect supports stored procedures and any
SQL 92 compliant query.
Import and Index Data from Relational Databases into Splunk
Enterprise – Combine structured data from relational databases
with machine data to drive end-to-end operational insights. The
Java Bridge Server
Microsoft SQL
Integrate database information with the power of Splunk analytics
and visualizations.
Fac t s h e e t
Product Requirements
Supported Databases
Splunk DB Connect is compatible with most relational databases
including IBM DB2, Oracle® Database, Microsoft® SQL Server,
SAP Sybase®, PostgreSQL, MySQL™, SQLite, H2, HyperSQL
and support for a generic ODBC driver. Refer to the Splunk DB
Connect product documentation for the complete list of relational
databases supported.
Splunk Requirements
All instances of Splunk Enterprise in a Splunk DB Connect
deployment must run Splunk Enterprise 4.3.x or later.
Free Download
Download Splunk for free. You’ll get a Splunk Enterprise
license for 60 days and you can index up to 500 megabytes
of data per day. After 60 days, or anytime before then,
you can convert to a perpetual Free license or purchase an
Enterprise license by contacting sales@splunk.com.
250 Brannan St., San Francisco, CA 94107
info@splunk.com | sales@splunk.com
866-438-7758 | 415-848-8400
© 2013 Splunk Inc. All rights reserved. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks
of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners.
Item # FS-splunk-DBConnect-110
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF