Deployment Architecture

Do we have to have a mixed account to be able to connect to an external MSSQL database?

cogrunc
New Member

We experienced an issue regarding connecting splunk with mssql databases. When we try to add a mssql database, the external database adding page gets irresponsive and gives a message at the top of this page like "splunk server may be down".

Do we have to have a mixed account to be able to connect to an external MSSQL database?

0 Karma

jkat54
SplunkTrust
SplunkTrust

If by mixed account you mean an account who has 'nix GID and windows ID... the answer is no. The username/pass for the database server should be the windows domain user/pass.

First thing to do is the troubleshooting section: http://docs.splunk.com/Documentation/DBX/1.2.2/DeployDBX/Troubleshoot

Make sure you select your appropriate version. I gave link to 1.2.2, you can change the version in upper-ish right-ish corner of the page. You might also like to review the "enhanced" troubleshooting section of version 2 because they got into more driver troubleshooting, etc. in the latest documents (not all will apply but might help).

It for sure sounds like a timeout issue. So I would start by putting dbx into debug mode (covered in the link). Then I would check index=_internal log_level=ERR* OR log_level=WARN*. Post any errors and warnings related to db connect as comments.

Finally, you can telnet to test port 1433 is open, check error logs on the sql server, and many more things. It might take a while but we'd be happy to help you if you've got the time to update this post.

Here's a link for troubleshooting SQL TCP/IP Port Setup/etc.: https://support.microsoft.com/en-us/kb/823938

Note that in windows 2010+ and I've even seen in it 2008 i believe... the TCP/IP SQL configuration has new options. You have to enable TCP/IP on the instance, and also on the IPv4 address under advanced properties.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Are you using dbconnect? If so, which version 1 or 2? If not, how are you trying to connect splunk to the external db?

0 Karma

cogrunc
New Member

Hi @jkat54

I forgot to specify the version of dbconnect. I am using dbconnect v1.

Thanks for your reply.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...