Getting Data In

Can Splunk add data from a local mdb file?

mlwinzenburg
New Member

I have installed an open source Syslog server on a Windows PC, at home. I am sending it logs from my Netgear FVS114 home firewall. Now I'd like to use Splunk to look at the Syslog data, which appears to be stored in an MS Access database ".mdb" file.

Can Splunk be configured to read this file natively? Splunk is installed on the same PC as the Syslog.

Is there an add-on that will allow Splunk to read the .mdb file?

I do not know scripting so that's not a good direction for me unless it is something already written.

Thanks

M

0 Karma

Drainy
Champion

I'm not aware of such a thing, others may, but to me this seems a little backwards anyway. Do you use the local syslog server for anything else? Or the mdb file for anything else?

If not, just configure Splunk to read the syslog directly via a UDP/TCP port.
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports?r=searchtip

Generally speaking, as a quick how-to, just go to Manager, Data, Add Data and add UDP 514; this is the default protocol/port used by most syslog systems.
Your data will then start to be consumed by Splunk.

Drainy
Champion

Bear in mind also that the best practice is geared towards larger, SMB/Enterprise customers who would lose a heck of a lot of data by using UDP as their only method for getting data into Splunk 🙂 Also what Ayn says.

0 Karma

Ayn
Legend

It IS a good idea to write the data to a file, but that file will of course have to be readable by Splunk. Splunk reads pretty much any file in plain text format right away. It does not, however, generally read data that is in any kind of binary format, which is the case with MDB files (aka MS Access databases).

mlwinzenburg
New Member

Well, I guess I'm just following Splunk's advice to write the data to a file first.

http://wiki.splunk.com/Deploy:BestPracticeForConfiguringSyslogInput

"Here are the recommended best practices for configuring your syslog:

  1. Write to a file and configure Splunk to monitor that file

The best practice is to write to a file that Splunk is monitoring. This accounts for the scenario of data loss if Splunk is down. This also allows you to add the data again if you have to clean your index for some reason."

0 Karma
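As an added example (not posted by anyone in this thread and not taken from the Splunk docs), here is what the two approaches discussed above look like in Splunk's inputs.conf: the direct UDP 514 network input Drainy describes, and the monitored plain-text log file from the best-practice article quoted in the previous post. The log file path and the index name are assumptions; the file being monitored must be plain text, since, as Ayn notes, Splunk does not read the binary .mdb file.

```ini
# inputs.conf -- added example; not from the thread or the Splunk documentation.
# Typically placed in $SPLUNK_HOME/etc/system/local/inputs.conf.

# Option A: receive syslog directly on UDP 514 (what Drainy describes).
[udp://514]
sourcetype = syslog
# Record the sending device's IP (the firewall) as the host field
# instead of the name of the PC running Splunk.
connection_host = ip
# "main" is Splunk's default index; change it if you use another (assumed here).
index = main

# Option B: monitor the plain-text log file the syslog server writes
# (the best practice quoted above, which also survives Splunk being down).
# The path is an assumption: point it at the text log output of your
# syslog server, not at the .mdb database, which Splunk cannot read.
[monitor://C:\Syslog\*.log]
sourcetype = syslog
index = main
```

Use one option or the other, not both, or every message will be indexed twice. Splunk must be restarted (or the input added through Manager, Data, Add Data instead) before a new stanza takes effect, and Option A requires the syslog server to stop listening on UDP 514 so Splunk can bind the port.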