SCCM 2012 Reporting and Splunk

jess_harris · ‎11-21-2013

Anyone using Splunk for SCCM reporting, if so, any advice or must-have applications? Does DB Connect support T-SQL? WQL to SQL is a Microsoft translation through SCCM and we'd like to use Splunk instead of the report builder. Currently using the DB Connect Splunk app and connected to a CAS.

Tony_chan · ‎10-20-2017

How to you integrate SCCM log to Splunk, do you have any sample on how to modify the config file?

nick405060 · ‎12-10-2018

I was able to pull raw SCCM logs via a UF installed on the SCCM server. But, I don't actually use them for anything. After a lot of difficulty I was also able to query our SCCM SQL server via DBConnect.

dstaulcu · ‎11-21-2013

I used DBConnect to interface with the ConfigMgr data store.

More specifically, I use DBQuery to maintain a lookup file having most commonly referenced configuration manager client data such as name, domain, model, osname, osversion, adsitename, ipaddress, serial, etc.

More More specifically, what I do is schedule a report with | dbquery | outputlookup cmClientAttributes.csv daily to maintain these dimensions. then create an autolookup

search | lookup cmClientAttributes host as name0 OUTPUT

works for me

have fun

nick405060 · ‎10-17-2018

I know it's been five years and this is a long shot but if you remember... how did you set up DBconnect to interface with configmgr?

dstaulcu · ‎12-09-2013

The following article contains a list of views of interest in ConfigMgr:

http://gallery.technet.microsoft.com/SCCM-Configmgr-2012-R2-SQL-5fefdd3b

As for a sample query:

| dbquery [connectionName] "SELECT * FROM v_R_System"

jess_harris · ‎12-09-2013

Example sql statement? I'm connected with DB Connect but having trouble getting results.

SCCM 2012 Reporting and Splunk

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...