Install the Splunk DB Connect Application

Splunk DB Connect is a Splunk application that you can install in your Splunk Enterprise instance. It retrieves events from the database you define, such as BeyondTrust Endpoint Privilege Management Reporting, and inserts them into Splunk Enterprise.

You can use Splunk DB Connect to query the Export Views for Endpoint Privilege Management.

You can use SQL authentication or any of the default Endpoint Privilege Management Reporting accounts to authenticate with the BeyondTrust database. The default accounts are Report Reader, Event Parser, and Data Admin.

You can retrieve events from your endpoints or your Windows event collector node instead.

Install DB Connect

Prerequisites

  • Splunk Enterprise 6.4.0 or later
  • Java Platform, Standard Edition Development Kit (JDK) from Oracle. JDK is required. The JRE alone is not sufficient.
  • Java Database Connection (JDBC) to connect to databases
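
A pre-install check for the first two prerequisites above, as an added example that is not part of the BeyondTrust or Splunk documentation. The function names are hypothetical; it assumes `splunk version` prints a line beginning `Splunk X.Y.Z` and treats a Java home that has `bin/java` but no `bin/javac` as JRE-only.

```shell
#!/bin/sh
# Added example: checks the Splunk version and JDK prerequisites before install.
MIN_SPLUNK="6.4.0"   # minimum version stated in the prerequisites

# Extract X.Y.Z from `splunk version` output (assumed form: "Splunk X.Y.Z (build ...)").
parse_splunk_version() {
    printf '%s\n' "$1" | sed -n 's/^Splunk \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2, comparing field by field as integers.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# A JDK ships the compiler (javac); a JRE has only the java launcher.
has_jdk() {
    [ -x "$1/bin/javac" ]
}

# $1 = text printed by `splunk version`, $2 = Java home directory to inspect.
check_prereqs() {
    rc=0
    v=$(parse_splunk_version "$1")
    if [ -n "$v" ] && version_ge "$v" "$MIN_SPLUNK"; then
        echo "OK   Splunk Enterprise $v"
    else
        echo "FAIL Splunk Enterprise ${v:-unknown}: need $MIN_SPLUNK or later"; rc=1
    fi
    if has_jdk "$2"; then
        echo "OK   JDK found in $2"
    elif [ -x "$2/bin/java" ]; then
        echo "FAIL $2 is a JRE only (java present, javac missing)"; rc=1
    else
        echo "FAIL no Java installation found in $2"; rc=1
    fi
    return $rc
}

# Constructed sample input, not output captured from a real system.
check_prereqs "Splunk 6.3.2 (build 000000000000)" "/nonexistent/java" || true
```

On a real host, pass the output of `"$SPLUNK_HOME/bin/splunk" version` and the value of `$JAVA_HOME` to `check_prereqs`.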

For more information, please see the following:

Install on Splunk Enterprise

  1. Open your Splunk Enterprise instance, and click App: Search & Reporting from the top menu bar.
  2. If DB Connect is installed, it appears in the list. Otherwise, click Find More Apps.
  3. If Splunk can connect to the internet, type DB Connect in the search box and follow the onscreen instructions to install DB Connect. Alternatively, you can download DB Connect from the Splunk store and install it manually.

To download DB Connect from the Splunk store, please see https://splunkbase.splunk.com/app/2686/. This page requires email verification.

  1. Click App: Search & Reporting > Manage Apps to install DB Connect from a separate installer.
  2. Click Install app from file and browse to the location of DB Connect you downloaded.
  3. Click Upload and follow the onscreen instructions to install DB Connect.
  4. After DB Connect is installed, you can access it from the App: Search & Reporting top menu.