- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Ingesting query logs from Oracle Database
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello All
I am looking for options/solutions that would allow me to ingest queries run on an Oracle Database using Splunk.
Can anyone help me out with that ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There's two issues at play here. First, you need to actually capture the data within Oracle. Thats going to be dependent on your version is outside the scope of splunk answers - I would start here: http://www.dba-oracle.com/t_audit_sql_select_statements.htm
Once you have the data in your database, you can get it out by querying the sys.AUD$ table with the db connect app https://splunkbase.splunk.com/app/2686/
You'll need to create an input - the documentation is fairly easy to follow, if you get stuck there should be some previously answered questions here.
Just something to note the AUD$ table can become extremely large - you will probably want to truncate the table every 14 days or so
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There's two issues at play here. First, you need to actually capture the data within Oracle. Thats going to be dependent on your version is outside the scope of splunk answers - I would start here: http://www.dba-oracle.com/t_audit_sql_select_statements.htm
Once you have the data in your database, you can get it out by querying the sys.AUD$ table with the db connect app https://splunkbase.splunk.com/app/2686/
You'll need to create an input - the documentation is fairly easy to follow, if you get stuck there should be some previously answered questions here.
Just something to note the AUD$ table can become extremely large - you will probably want to truncate the table every 14 days or so
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much for the info.
We have asked the DBA to move the data to the table which can be then ingested via DBConnect App.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you mean you want to get the logs of the query metadata? Or you want to run SQL queries from splunk against an oracle database?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The former.
If a user queries/actions using any statement on a DB, i would want the information available in Splunk.
Not sure if any query (even a SELECT) will be recorded at the DB End.
Updated Team Landing Page in Splunk Observability
New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
