1: install DB connect and DB driver: (下图的第一个和第三个)
Splunk® DB Connect - Splunk documentation
参考下面官网链接:https://docs.splunk.com/documentation/DBX/3.8.0/DeployDBX/HowSplunkDBConnectworks
看DB connect , JRE JDBC, DB 之间的关系:
1: 先安装java: JRE: System requirements - Splunk documentation
参考:下面安装JRE:
注意: 上面JRE 要安装 server 版的,64 位,安装好以后,看java_home, 参考:
查看Linux中自带的jdk ,设置JAVA_HOME - ぶ会编程 - 博客园
[root@xx-001 hsheng]# which java
/bin/java
[root@xx-001 hsheng]# ls -l /bin/java
lrwxrwxrwx 1 root root 22 Mar 8 22:20 /bin/java -> /etc/alternatives/java
[root@xx]# ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 37 Mar 8 22:20 /etc/alternatives/java -> /usr/java/jdk1.8.0_321-amd64/bin/java
[root@xx]# cd /usr/java/jdk1.8.0_321-amd64
[root@xx]# ls
COPYRIGHT THIRDPARTYLICENSEREADME-JAVAFX.txt include jre man
LICENSE THIRDPARTYLICENSEREADME.txt javafx-src.zip legal release
README.html bin jmc.txt lib src.zip
[root@xx]#
看出来java_home 是/usr/java/jdk1.8.0_321-amd64, 所以设置:java home:
Vi /etc/profile
export JAVA_HOME="/usr/java/jdk1.8.0_321-amd64"
然后启用: source /etc/profile
echo $JAVA_HOME
2: 安装JDBC driver:
Install database drivers - Splunk documentation
选择MS SQL server : Splunk DBX Add-on for Microsoft SQL Server JDBC | Splunkbase
3: install DB connect:
Install and configure Splunk DB Connect on a single instance Splunk platform deployment - Splunk documentation
配置如下图:(注意java_home/Jre)
Create and manage identities - Splunk documentation
具体到页面中看设置:
4: 关于output, 可以参考下面链接:https://docs.splunk.com/documentation/DBX/3.8.0/DeployDBX/Createandmanagedatabaseoutputs
