SCCM 2012 Reporting and Splunk

jess_harris · ‎11-21-2013

Anyone using Splunk for SCCM reporting, if so, any advice or must-have applications? Does DB Connect support T-SQL? WQL to SQL is a Microsoft translation through SCCM and we'd like to use Splunk instead of the report builder. Currently using the DB Connect Splunk app and connected to a CAS.

Tony_chan · ‎10-20-2017

How to you integrate SCCM log to Splunk, do you have any sample on how to modify the config file?

nick405060 · ‎12-10-2018

I was able to pull raw SCCM logs via a UF installed on the SCCM server. But, I don't actually use them for anything. After a lot of difficulty I was also able to query our SCCM SQL server via DBConnect.

dstaulcu · ‎11-21-2013

I used DBConnect to interface with the ConfigMgr data store.

More specifically, I use DBQuery to maintain a lookup file having most commonly referenced configuration manager client data such as name, domain, model, osname, osversion, adsitename, ipaddress, serial, etc.

More More specifically, what I do is schedule a report with | dbquery | outputlookup cmClientAttributes.csv daily to maintain these dimensions. then create an autolookup

search | lookup cmClientAttributes host as name0 OUTPUT

works for me

have fun

nick405060 · ‎10-17-2018

I know it's been five years and this is a long shot but if you remember... how did you set up DBconnect to interface with configmgr?

dstaulcu · ‎12-09-2013

The following article contains a list of views of interest in ConfigMgr:

http://gallery.technet.microsoft.com/SCCM-Configmgr-2012-R2-SQL-5fefdd3b

As for a sample query:

| dbquery [connectionName] "SELECT * FROM v_R_System"

jess_harris · ‎12-09-2013

Example sql statement? I'm connected with DB Connect but having trouble getting results.

SCCM 2012 Reporting and Splunk

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes