Hello Team,
We have a requirement to send data to an externally hosted SQL Server. Not all of it, but some fields captured from different log sources should be forwarded for display in a portal for some sort of management reporting.
For example, if we have email security logs integrated in Splunk, some of the required fields would be:
RECEIVED GOOD MAIL
RECEIVED SPAM
RECEIVED MALWARE
and maybe from the firewall these fields:
Count
Threat/Content Type
Action
Threat/Content Name
and from Vulnerability Management these fields:
Asset IP Address
Asset Names
Site Name
Asset OS Name
These are just example input fields which may be considered. I am a bit puzzled about how we can do this effectively, sending only the required and limited data from Splunk to SQL Server.
Take a look at DB Connect:
http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/HowSplunkDBConnectworks
Get the app here:
https://splunkbase.splunk.com/app/2686/
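As an added example (not from the answer above or from the DB Connect docs), this is the shape of what the question asks for: a scheduled search that aggregates email security events into the three reporting buckets and hands only those columns to a DB Connect output. It assumes a sourcetype `email_sec` whose `disposition` field takes the values clean, spam and malware, and an Output named `mgmt_email_counts` already created in DB Connect's Outputs UI and mapped to the external table's columns; adjust those names to the real data.

```spl
index=email sourcetype=email_sec earliest=-1d@d latest=@d
| eval category=case(disposition=="clean",   "RECEIVED GOOD MAIL",
                     disposition=="spam",    "RECEIVED SPAM",
                     disposition=="malware", "RECEIVED MALWARE")
| where isnotnull(category)
| stats count by category
| eval report_date=strftime(relative_time(now(), "-1d@d"), "%Y-%m-%d")
| fields report_date category count
| dbxoutput output="mgmt_email_counts"
```

Because `stats` and `fields` run before `dbxoutput`, the external server receives one daily count row per bucket rather than individual message records, and nothing outside the three listed columns leaves Splunk. The same pattern applies to the firewall and vulnerability fields: aggregate or project to exactly the columns the portal table needs, then send to a separate Output for that table.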