Hello Splunk Community,
We are thinking to integrate the Oracle Enterprise security with Splunk to avoid integrating device by device individually.
Is it possible?
I found a question related to the same subject but since it is from 2010 and it did not have any other comments, I am asking.
Thanks in advance.
Leonardo.
Oracle OEM has its own management inventory, if the data collection is enabled in OEM. The underlying tables are undocumented by Oracle. You can do reverse engineering and integrate with SPLUNK using DB Connect application.
EM_METRIC_VALUES
(Raw data stored at its most detailed level for 7 days), EM_METRIC_VALUES_HOURLY(Retained for 32 days) and EM_METRIC_VALUES_DAILY
(Retained for 12 months)
• Key columns:
• ENTITY_NAME – the target or component name
• COLLECTION_TIME – data collection time in the target time zone
• METRIC_GROUP_NAME – name of the metric group
• METRIC_COLUMN_NAME – name of the metric column
• KEY_PART_1 – key part 1 of composite key
• VALUE – value of metric
Enterprise Manager can generate notifications to Splunk using SNMP, OS commands (like a shell script) or PL/SQL (using the UTL_TCP package). OEM can also receive SNMP traps generated by Splunk. Is this what you had in mind?