All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set up Splunk DB Connect with Splunk Cloud?

dbcase
Motivator
‎12-14-2016 01:26 PM

Hi,

I'm just beginning the process of getting Splunk DB Connect and Splunk Cloud working together. I've read the docs, but I'm having a hard time understanding how to get this to work with Splunk Cloud. Could someone put together a list of steps to get it installed and running? Conceptual steps would be ok, just something that I can try to wrap my head around.

Thank you!!!

0 Karma
Reply

ktugwell_splunk
Splunk Employee
Splunk Employee
‎12-15-2016 01:17 AM

Hey dbcase,

To run DB Connect you need a full Splunk Enterprise install.

  1. Install Splunk Enterprise
  2. Change to forwarder license(untested, but I think a single DBConnect instance should run on a forwarder license)
  3. Place the app you receive from the SplunkCloud team in the etc/apps folder of your new Splunk install. This will allow the heavy forwarder to send data to the cloud.
  4. Install DB Connect(you may have to also install Java, see the guide below)
  5. Install your database drivers
  6. Create an identity(in dbconnect)
  7. Create a connection(in dbconnect)
  8. Create an input(in dbconnect)

Your data should then be sent to the cloud and you can start playing with it.

Here's the dbconnect guide, if you follow it step by step, you'll be fine.

http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/AboutSplunkDBConnect

Hope this helps

Reply

dbcase
Motivator
‎12-15-2016 04:24 AM

Hey Ktugwell,

A couple of things

1) I have Splunk Cloud, not Splunk Enterprise
2) And sorry for the newbie question.... Is the heavy forwarder = universal forwarder?

0 Karma
Reply

dbcase
Motivator
‎12-15-2016 04:25 AM

Wow, not sure how the font changed there.....

0 Karma
Reply

ktugwell_splunk
Splunk Employee
Splunk Employee
‎12-15-2016 09:04 AM

Yeah, you will still need an on-premise installation of Splunk Enterprise to act as a Heavy Forwarder. See step 2 and 3.

A universal forwarder is a different binary and cannot run DB Connect, a Heavy forwarder is literally just a full install of Splunk Enterprise, but configured to act as a forwarder.

Note: I'm making the assumption here that you wouldn't want to query your local Oracle databases from your Cloud environment...

0 Karma
Reply

dbcase
Motivator
‎12-15-2016 09:08 AM

Actually we do want to query the Oracle DB from the cloud environment. What does that change?

0 Karma
Reply

ktugwell_splunk
Splunk Employee
Splunk Employee
‎12-15-2016 10:25 AM

A few reasons, but it purely depends on your security model and types of queries. Firstly, you'd probably have to create firewall rules to expose your Oracle port to the internet, I wouldn't recommend this at all. Secondly, sql queries can return huge datasets, depending on your bandwidth, this setup could be unbearably slow. I strongly recommend you follow the steps above and query your database using a local install of DBConnect, then send the data do the cloud.

0 Karma
Reply

dbcase
Motivator
‎12-14-2016 01:30 PM

additional info.....

This is and Oracle DB
I have DB connect installed on the Splunk Cloud side already
Things I'm having a hard time with:
Do I use the UF on the DB server itself? If so, how do I get that configured?
If the UF isn't used, what is?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...