Splunk Search

Extracting data from Splunk using splunkmse

divam
Engager

Hi All,

We are using Splunk and we need to extract application data into a data warehouse to report alongside other dimensions from different sources.

So we installed splunkmse as a virtual machine. Now when I use the admin user to create a table in mysql all is good and I am able to extract data, but unfortunately when I try the same with my own user, I am not able to 1) get all the saved searches. 2) The ones that get created do not show data.

Could anyone advise what I could be doing wrong? Unfortunately, I can't have access to the admin user.

Any help is much appreciated.

Thanks, Divam


Ron_Naken
Splunk Employee

I believe you will need DBA privileges to the mysql instance on SplunkMSE. If I recall, it modifies entries in the _schema database when it builds tables for the saved searches.

Have the admin ssh into SplunkMSE and run the following commands in mysql>:

CREATE USER 'divam'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'divam'@'localhost' WITH GRANT OPTION;

That should give you all the necessary privileges without requiring admin access to the SplunkMSE virtual appliance. Determining what privileges/rights you will need without DBA access could be a significant undertaking.
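To review what the grant in the reply above gives the account, and to withdraw it once the privileges actually required are known, the admin can run the statements below in the same mysql> session. This is an added example, not part of the original reply; it uses only the 'divam'@'localhost' account named above and standard MySQL statements and information_schema views.

```sql
-- Show every privilege the account holds, as MySQL records it.
-- After the GRANT above this returns ALL PRIVILEGES ON *.* WITH GRANT OPTION.
SHOW GRANTS FOR 'divam'@'localhost';

-- List every account that holds global (*.*) privileges it can pass on
-- to other accounts. The GRANT above puts 'divam'@'localhost' in this list
-- next to the built-in administrative accounts.
SELECT GRANTEE,
       COUNT(*) AS grantable_global_privileges
FROM information_schema.USER_PRIVILEGES
WHERE IS_GRANTABLE = 'YES'
GROUP BY GRANTEE
ORDER BY grantable_global_privileges DESC;

-- Per-database grants for the account. Empty while the account relies on
-- the global grant; populated if it is later narrowed to specific databases.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = '''divam''@''localhost'''
ORDER BY TABLE_SCHEMA, PRIVILEGE_TYPE;

-- Withdraw the global grant and the ability to grant to others.
-- The account itself remains and can be given narrower privileges afterwards.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'divam'@'localhost';

-- Confirm the result: only USAGE (no privileges) should remain.
SHOW GRANTS FOR 'divam'@'localhost';
```

The information_schema queries show all accounts only when run by a user with privileges on the mysql system database, so they belong in the admin's session.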
