In this case you need the bridging authentication solution. . A python script can do the job. what kind of password vault is it. Work around for this, where everyone in risk,db and access management team is happy is to use one time password, connect the database and let "dbmon-tai"l monitor the database.Once connection is established it does not need authentication again for long time. "dbmon-tail" normally queries database every 100 miliseconds. Furthermore $SPLUNK_HOME/etc/apps/dbx/bin/status.py can provide the information on schedules query and help troubleshoot. Additionally you need to setup an alert for internal database connectivity error, incase of reconnect and authentication failure. ... View more

windows authentication is not required. You need sql account with appropriate right on database. some time user is locked out due repeated password failures. Normally it is problem with firewall, user password and privilege etc First test the database connectivity with a free tool from squirrelsql.org one connectiviy is established, splunk configuration is straight forward. When index the database for first time, watch out for traffic bottleneck and maxing out disk I/O on DB servers. Please post error messages from db ... View more

First make sure that you have assign proper user/app permission in bellow three areas 1 - Lookup table files 2 - Lookup definitions 3 - Automatic Lookups If above three are OK. then It is surely some wrong setting or typo in automatic lookups definition. make sure that you have define proper setting under Lookups » Automatic lookups » Lookup table definition [table definition] correct sourcetype or host proper input field maping proper output field mapping If all of the above are correct , lookup should be successful and you show see the result in fields side bar. Or post sample logs and csv file ... View more