Splunk DB Connect 3 Released

Splunk DB Connect has just gotten a major upgrade! Let’s take a look at it.

What’s New

Splunk DB Connect 3.0 is a major release to one of the most popular Splunk add-ons. Splunk DB Connect enables powerful linkages between Splunk and the structured data world of SQL and JDBC. The major improvements of this release are:

  • Performance improvement. Under similar hardware conditions and environment, DB Connect V3 is 2 to 10 times faster than DB Connect V2, depending on the task.
  • Usability improvement. A new SQL Explorer interface assists with SQL and SPL report creation.
  • Improved support for scripted configuration, via reorganized configuration files and redesigned checkpointing system. Note that rising column checkpoints are no longer stored in configuration files.
  • Stored procedures support in dbxquery.
  • Retry policy on scheduled tasks is improved (no more need for auto_disable)

Backward Compatibility Changes

As part of this major release, we are making changes that will affect some users. The features that will have backward compatibility changes are:

  • Resource pooling is removed. If you are now using resource pooling, the configuration will be removed and all scheduled tasks will operate on the master node only. Resource pool nodes can be repurposed.
  • Scheduled tasks (inputs, outputs) are disabled on search head cluster. Scheduled tasks are disabled, but you can still perform output using dbxoutput command on search head cluster. If you are now using scheduled tasks on DB Connect V2, you need to move the configuration files from a cluster node to a heavy forwarder, then upgrade in-place to DB Connect 3.
  • Lookups redesigned. For performance and clarity reasons, automatic and scripted lookups have been replaced with a simpler, more performant dbxlookup command. If you are now using scripted lookups for their caching behavior, you can replicate this behavior and avoid search changes by creating a scheduled dbxquery task which outputs a lookup with the same name. If you are now using automatic lookups for live database access, you need to edit the searches to use the dbxlookup command instead of lookup.
  • dbxquery command options changed. The options output and wrap are deprecated and have no effect. The value for output and wrap is set to CSV and False by default. The value for shortnames is set to true by default.


DB Connect users should review documentation and test upgrade before moving DB Connect 3 into production. If you just upgrade the existing package in production, data will no longer flow. The version 3 package includes a migration script, see for documentation. Users of Spark SQL, Teradata, or Oracle databases may need to take additional manual steps to complete driver migration.

Jack Coates

Posted by