Is it possible to connect to Database

bansi
Path Finder

Is it possible for Splunk to retrieve data from database tables, specifically DB2, and then combine it with the search results from a Log4J log file?

0 Karma

gkanapathy
Splunk Employee

Depending on what you mean, ziegfried's answer may suit your needs. You can also write scripted lookups that match up values found in other data and use that to look up values in a database, in order to enrich the results.

0 Karma

bansi
Path Finder

Well, I did read the docs from the link you mentioned. In fact, I used the link to do a lookup using a static table, but I need a dynamic lookup from a database. That's where the link you provided doesn't have much information on how to configure DB2 drivers, or a sample lookup script (in Python for Java developers) to extract values from the database and put the results into the search query.

0 Karma

gkanapathy
Splunk Employee
0 Karma

bansi
Path Finder

I am able to search and extract values from the Log4J log file into a CSV report. But a few of the columns in the report need to be populated from the database. For example, one of the columns in the report is "id", and we have to retrieve the "name" value from the database by passing the "id" as an argument to a SQL query in the DB2 database.
I would greatly appreciate it if you could point me to an example on the Splunk website, or take a few moments to describe in this post how to go about making/configuring the connection to the database, passing "id" as an argument from the report to the SQL query, and then populating the name from the database.

0 Karma

ziegfried
Influencer

Yes, it is possible to set up scripted inputs that poll a database table, transform it into something text-based and have Splunk index this as events. I've built a few Java/JDBC-based solutions for this task, since Java has the broadest support for databases.
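
The scripted lookup suggested earlier in this thread, applied to the asker's id-to-name case, as an added example that is not part of the original posts: the script reads the CSV that Splunk passes on stdin, fills the empty `name` column from the database using a bound parameter, and writes the CSV back to stdout. The `users` table, its rows and the in-memory `sqlite3` database standing in for DB2 are assumptions made so the example runs offline.

```python
import csv
import io
import sqlite3
import sys

def open_sample_db():
    # Constructed stand-in for the DB2 table (assumption); a real deployment
    # would open the DB2 connection with its own driver here instead.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1001", "alice"), ("1002", "bob")])
    return conn

def lookup_name(conn, user_id):
    # The id comes from log data, so it is bound as a parameter and never
    # concatenated into the SQL text.
    row = conn.execute("SELECT name FROM users WHERE id = ?",
                       (user_id,)).fetchone()
    return row[0] if row else ""

def enrich(conn, infile, outfile):
    # Read the header plus rows, fill in missing names, echo everything back.
    reader = csv.DictReader(infile)
    writer = csv.DictWriter(outfile, fieldnames=reader.fieldnames,
                            lineterminator="\n")
    writer.writeheader()
    cache = {}  # one query per distinct id within a search
    for row in reader:
        key = row.get("id", "")
        if key and not row.get("name"):
            if key not in cache:
                cache[key] = lookup_name(conn, key)
            row["name"] = cache[key]
        writer.writerow(row)

def run_sample():
    # Constructed input: repeated id, unknown id, and a hostile-looking id.
    sample = "id,name\n1001,\n1002,\n1001,\n9999,\nx' OR '1'='1,\n"
    out = io.StringIO()
    enrich(open_sample_db(), io.StringIO(sample), out)
    return out.getvalue()

if __name__ == "__main__":
    enrich(open_sample_db(), sys.stdin, sys.stdout)
```

The database account used by such a script only needs SELECT on the lookup table.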
