I am using Splunk Db Connect 3.0.
I have database production SQL database servers(both single and distributed). I have to access data from few tables. I read from documentation that I need to install universal forwarder on each of the servers.
For now I am able to access data from QA SQL database server(single) without any installation of forwarder.
I have Splunk enterprise on my machine. My machine and QA server are connected to intranet. Is that the reason I did not have to install Universal Forwarders?
I don't have access to production servers for now.
DB Connect cannot be installed under the Universal Forwarder. It must be installed on an indexer or a "heavy forwarder". The Universal Forwarder can be used to monitor log files or other more traditional inputs, but has no ability to implement full apps like DB Connect.
DB Connect cannot be installed under the Universal Forwarder. It must be installed on an indexer or a "heavy forwarder". The Universal Forwarder can be used to monitor log files or other more traditional inputs, but has no ability to implement full apps like DB Connect.
I am new to to Splunk.
I configured DBConnect add-on in my splunk enterprise(single-server).Does that mean I have DB Connect on an indexer? I just need to receive data from Database and don't need to forward it to any universal/heavy forwarder. I just have to visualise the data.
Now I have single and distributed database servers which I have to get data from a database table. I am able to get data from single database server. Will the same setup be enough to get data from distributed database servers?
Sounds like you have installed on an indexer. You should be able to configure DB Connect to see whatever databases you need to from there. Each database will need its own identity and connection info, but then you should be able to run queries or inputs against any of them. If you can use dbxquery to select the data in real-time (not a scheduled input), then it won't count against your Splunk license, either.
Where in the documentation does it say you need to install a forwarder?
If I use splunk enterprise(indexer and search head). Will that be enough to get data from single and distributed servers without use of heavy forwarders?
I don't find that information any more. Sorry!