Knowledge Management

Adding large number of databases to DB Connect

theouhuios
Motivator

Hello

Has anyone of you faced an issue where you had to add 300-500 DB Connections to DB Connect? If you did , did you use any easy method to solve it rather than adding each one of them manually? Please let me know if there is any better way to do it rather than adding it manually.

Update:

I am using the database.conf to do this as of now. But would like to know if there is a way to automate the part where splunk can update the conf file with all necessary parameters in case a new Database is being stood up. This can either be from a FAT file or from a DNS entry or by using a OID.

araitz
Splunk Employee
Splunk Employee

You could automate this via scripting calls to Splunk's REST API to create connections, but the details are far beyond the scope of what is possible via this answer.

araitz
Splunk Employee
Splunk Employee

The Splunk REST API is pretty nuanced. In short, you make a GET request to /services/admin/databases/_new to get the required and optional fields. Then, to create a new database, you would POST to /services/admin/databases with the required and optional fields you want in the payload of the POST (aka postargs).

Note that this is just a workaround for automation, and that the REST interface for DB Connect could change in future versions.

0 Karma

theouhuios
Motivator

Would you suggest making REST API calls based on OID ?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...