All Apps and Add-ons

Where Does Oracle save 'transaction logs'?

knight_rehan
Explorer

Does anyone has any idea where Oracle saves its transaction logs in Windows system?

Tags (2)

knight_rehan
Explorer

I would like to monitor database activities (create, update, etc.) through Splunk. I thought there would be a way to monitor the transaction logs directly but I'm not sure if it is possible.

0 Karma

Lowell
Super Champion

Can you clarify your question. What kind of transaction data are you trying to capture? What are you trying to get splunk to do with this data?

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Well, it's a little complicated, but I think first we need to address what you're trying to do.

Splunk will not read Oracle transaction logs (i.e., the database redo logs). You can consume the alert log, or turn on Oracle tracing to generate text files that can be consumed by Splunk. But I'm pretty sure that's not what you're asking.

I'm pretty sure that you actually want to record database record create/update/deletes. Splunk can't read this from the redo logs, as it's a proprietary binary format, and not very transparent anyway. If you really want to do this, you need to use something like Oracle Streams or Oracle LogMiner to read it, pick out the things you want, and write them into a text log file suitable for Splunk consumption. This isn't entirely trivial.

Most people will instead use a Splunk scripted input that polls just the actual database tables that you are interested in seeing and writes to a text file. This might not work for you. If that is so, database triggers might work better.

knight_rehan
Explorer

Thanks for the reply. I've a better understanding and now. Lets see if I find a way to write the logs in a Splunk readable format.

0 Karma

hexx
Splunk Employee
Splunk Employee

I believe that the default location for the transaction log files is the same directory than where the datafiles sit.

Of course, this may have been changed by the DBA when the database was initially configured.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...