Is it possible to forward specific table of a DB to Splunk? I understand that we can push the complete DB and create a dashboard to see the data we wish to. But I am more interested in understanding if we can just feed a table to the forwarder?
Many thanks in advance
if the table is always being added to and you only want new events (preferably you'd have a timestamp field as well):
create a DBconnect connection with a query similar to the following:
SELECT * FROM [TABLE]
WHERE [TABLE].[uniqueeventID] > ?
ORDER BY [TABLE].[uniqueeventID] ASC
then use the rising column method to only retrieve new events added to the table.
If the entire table changes each time you look at it, do a batch collection to grab all events in the table on a scheduled basis.
You can use DB Connect: http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/Createandmanagedatabaseinputs
DB Connect allows you to input data from a database, output to a table, or use data that resides in a database as a lookup without ingesting it. Typically, time-series data is a good candidate for ingestion.
Using the DB Connect APP to collect information does not suit you?