All Apps and Add-ons

ExtraHop Application for Database

catch_mili
Explorer

Hi,
I am searching for database monitoring application in splunk and i found ExtrHop application. Anybody had worked with ExtrHop (How to configured with splunk, how to configure for database etc.).
Please help. Thanks in advance.

Regards,
catch_mili

Tags (1)

tbragin
Explorer

It's true that the current 3.7 version of ExtraHop Discovery Edition doesn't have triggers, but the upcoming 3.8 version of Discovery Edition will in fact have them, so it will be suitable for Splunk integration.

0 Karma

catch_mili
Explorer

@bmacias84, No i doesn't have any experience on that tool, i want to know how to work on ExtraHop. I am just configure ExtraHop appplication in splunk indexer, but how to proceed with that application i required help.

0 Karma

bmacias84
Champion

@catch_mili, What version of Extrahop do you have the Vitural Appliance (EH1000v, EH2000v) or a physical appliance (EH2000, EH5000)? The discover version of Extrahop Appliance does not allow Trigger. Are you familar with the Extrahop's API or Triggers?

0 Karma

catch_mili
Explorer

Hi,
No, i just want to monitor my ms-sql & oracle database using ExtraHop tool. I already installed into splunk but not able to configured for my databases.
Can you share how to use ExtraHop application.

catch_mili

0 Karma

johnt0
Engager

Hi,

Extrahop is a real time protocol analysis appliance that receives a mirror of your desired network traffic.

As Extrahop receives the traffic flow it will reconstruct the conversation between systems and give a break down of general stats. Additional triggers can be applied to do a more detailed analysis of the data as it flows into the system. This trigger can be set to push the data to Splunk via syslog.

We currently send all of our db traffic through Extrahop and have the errors posted to Splunk. The trigger we use is available from Extrahop forums. It gives us client IP, server IP, error, method, processing time, and user in Splunk in near real time.

Yes, errors pulled off of the wire and posted to Splunk in near real time!
Also, I am not affiliated with Splunk or Extrahop other than as a happy client.

~jt

bmacias84
Champion

@catch_mili, My team and I are heavy users of ExtraHop and Splunk. What are you trying to accomplish and do you have already have an Extrahop device?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...