Can Splunk monitor MSSQL database content

BunnyHop
Contributor

I have an MSSQL database whose content I want monitored and indexed by Splunk. I understand there's a 3.x app for this and I'm wondering if there's one for 4.x.

1 Solution

gkanapathy
Splunk Employee

There isn't exactly a 3.x app for this, but there is a sample database input polling script that will work for MSSQL. It's just a Perl script that polls the DB and provides the output to Splunk, and it should work just as well in 4.x.

wbfoxii
Communicator

Splunk DB Connect is the way to go!

0 Karma

nchoe123
Engager

Yes, but it's fairly crude; I've heard that it's going to make it into a future version of Splunk.

For now, the Python script can get data out of MS SQL and into Splunk, though there's some data massaging that may be required for line breaks, etc.
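A polling scripted input of the kind discussed in this thread, as an added example that is not part of the original posts and is not the script the posters refer to. It assumes a hypothetical `audit_events` table with a rising `id` column and uses `sqlite3` as a stand-in for an MSSQL DB-API driver; it shows a checkpoint so each row is emitted once, and escaping so a line break or quote stored in a column cannot split one row into several events or forge extra fields.

```python
import os
import sqlite3  # assumption: stand-in for an MSSQL DB-API driver; use a read-only account

QUERY = "SELECT id, ts, username, detail FROM audit_events WHERE id > ? ORDER BY id"  # hypothetical table

def flatten(value):
    """Escape characters that would break a row into several events or forge fields."""
    text = "" if value is None else str(value)
    for raw, esc in (("\\", "\\\\"), ('"', '\\"'), ("\r", "\\r"), ("\n", "\\n")):
        text = text.replace(raw, esc)
    return text

def read_checkpoint(path):
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0  # first run or damaged file: start from the beginning

def write_checkpoint(path, last_id):
    with open(path + ".tmp", "w") as fh:
        fh.write(str(last_id))
    os.replace(path + ".tmp", path)  # atomic swap: a crash never leaves a half-written file

def poll(conn, last_id):
    """Return (event_lines, new_last_id) for rows added since last_id."""
    lines = []
    cur = conn.execute(QUERY, (last_id,))  # bound parameter, never string formatting
    cols = [d[0] for d in cur.description]
    for row in cur:
        last_id = row[0]
        fields = " ".join(f'{c}="{flatten(v)}"' for c, v in zip(cols[1:], row[1:]))
        lines.append(f"id={row[0]} {fields}")
    return lines, last_id

def sample_db():
    """Constructed sample data, including a value with an embedded newline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_events (id INTEGER PRIMARY KEY, ts TEXT, username TEXT, detail TEXT)")
    conn.executemany("INSERT INTO audit_events VALUES (?, ?, ?, ?)", [
        (1, "2024-01-01T10:00:00Z", "alice", "login ok"),
        (2, "2024-01-01T10:05:00Z", "bob", 'note "x"\nid=99 username="admin"'),
    ])
    return conn

if __name__ == "__main__":
    events, newest = poll(sample_db(), read_checkpoint("audit_events.ckpt"))
    for event in events:
        print(event)  # Splunk indexes whatever the scripted input writes to stdout
    write_checkpoint("audit_events.ckpt", newest)
```

The checkpoint is written only after the events are printed, so a failure mid-run leads to rows being re-emitted rather than lost.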

catch_mili
Explorer

@gkanapathy
I want to monitor an MS SQL database and an Oracle database, but we have disabled logs on both databases because of performance issues. Can we still monitor the databases using the mentioned script? If yes, then please send me the script.

Regards,
catch_mili

0 Karma