Splunk DB Connect

Enrich Machine Data with Business Context

Integrating structured data from relational databases with data in Splunk Enterprise can drive deeper levels of Operational Intelligence for IT operations, security and business analytics. Splunk DB Connect delivers reliable, scalable, real-time integration between Splunk Enterprise and relational databases.

  • IT operations teams can track performance, outage and usage by department, location and business entities
  • Security professionals can correlate machine data with critical assets and watch-lists for incident investigations, real-time correlations and advanced threat detection
  • Business users can analyze service levels and user experience by customer in real time to make more informed decisions


A variety of important data can be found in relational databases including customer, HR and product data. With Splunk DB Connect, users can lookup data in relational databases to enrich Splunk search results with business context.

  • Enrich Splunk search results with structured data from relational databases
  • Explore and browse database schemas and tables
  • Import and index data from relational databases for analysis and visualization in Splunk
  • Connect new databases in minutes and scale to multiple concurrent databases
Splunk DB Connect

Why Splunk

Splunk provides the engine for machine data. Splunk collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks and mobile devices that power business. Splunk DB Connect enables you to enrich this unstructured data with structured data and delivers real-time integration between Splunk Enterprise and relational databases.


  • Database Lookup - Enrich machine-generated data by adding meaningful information from a relational database
  • Easy to Configure - Use a standard, secure mechanism for inputs from relational databases, instead of brittle external scripts
  • Explore Database Schemas - Browse and navigate database schemas and tables from the Splunk DB Connect user interface before deciding to import data into Splunk
  • Import and Index Data from Relational Databases into Splunk - Splunk DB Connect is ideal for indexing new database data within Splunk Enterprise. Use the Splunk tail command to detect updated or new rows in the database by referencing time stamp values
  • Connection Pooling and Caching - For faster performance Splunk DB Connect Add-on includes a Java Bridge Server
  • Search Language Extensions - Use Splunk search commands such as Dbquery and Dbinfo to execute database queries directly from the Splunk Enterprise user interface
  • Database Connection Management - Configure data integration with IBM DB2, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, SAP Sybase and more in minutes from the Splunk User Interface
  • Access Rights - Grant user permissions to query only certain databases. Restrict connections to read-only mode
  • Scalability - Allow the input and output of data to be effectively unlimited to work with large data sets. Choose between streaming and batch modes
Learn More