Best practices MS SQL Add-On

deangoris · ‎01-22-2018

Hi,

We are searching for a way to monitor our MS SQL servers.
We are already using Splunk to index logfiles on multiple web servers and I know the basics of monitoring logfiles and perfo counters through a universal forwarder. We have a deployment server to deploy the apps made for this.

I have little experience with the add-ons available on Splunk base. I installed the MS SQL server add on.
Now I'd like to hear what the best practices are to configure it for our purposes.

Should I make sure the complete app is deployed to our forwarders as well?
Should I create a new custom app, copy the usefull stuff from the SQL add-on to it, enable necessary monitors and deploy it to our forwarders? In this way I can be sure all captured data has the correct sourcetype and all prebuilt transforms etc. will work?

Any advice on how to start with this or a link to a guide will be helpful.
The information on Splunk Docs does not give me enough advice on this.

Thanks in advance,
Dean

sloshburch · ‎01-29-2018

You'll probably be most successful by following the instructions in the app's docs (linked to in the apps' details page) in regards to where to deploy the app to.

I would keep the config you need in the local folder of the MSSQL add on. Start with it there and you may build confidence to move it's config elsewhere later...but I wouldn't start that way as it can be more confusing. Also, the design of a local folder within that app is specifically meant to help with the config management thereby allowing a 'default' folder to be overwritten during updates (but not blowing away your local folder).

Make sense?

Best practices MS SQL Add-On

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!