Connecting Splunk Enterprise to IBM DB2 via JDBC Driver

Splunk, or “Google for machine data/logs,” is a web interface used to analyze, monitor and search for machine-generated big data. Its primary use cases are security, compliance, application management and analytics. On top of this, Splunk also offers top-tier log analysis.

Your organization may want to connect to an external database from Splunk to retrieve data from a database or write Splunk enterprise data into databases, etc. Splunk has a DB Connect app that easily installs into your Splunk Enterprise. The DB Connect app uses a JDBC driver in the background to perform any operations against the database.

Analyze Siloed Data With Splunk DB Connect

With the explosion of data flowing through enterprise apps, data has become more siloed than ever before. How do you get a complete picture of your data? The Splunk DB Connect app makes this possible by combining disparate data to be analyzed by Splunk Enterprise, providing actionable insights.

Don’t Use Go-Cart Tires on Your Ferrari

JDBC drivers are critical to a successful connection between your data silos and Splunk DB Connect. The default native and checkbox drivers provided by Splunk can never scale up to your organizational needs. If Splunk is your Ferrari and the drivers are your tires, would you choose go-cart tires that barely let you move or racing tires that let you go 170 mph?

Checkbox drivers are like your grandpa’s station wagon, and using them is like using the go-cart tires. They get the job done, but with a major performance cost. We have developed powerful JDBC drivers to drastically improve the functionality, security, and performance of your IT infrastructure. Learn all about how our drivers outperform checkbox drivers here.

Tutorial: Connecting Splunk Enterprise to IBM DB2 via JDBC Driver

Ready to connect your DB2 database with Splunk using high-performance JDBC drivers

? We outline the entire process of installing and configuring the Progress DataDirect JDBC drivers in your Splunk Enterprise in this tutorial.

Introduction to Splunk

Splunk is a cutting edge operational intelligence and data processing platform that offers a top tier log analysis. It’s a powerful engine that lets you monitor, search, investigate, visualize and report on what’s happening with your IT infrastructure in real time.

There are times where an organization might want to connect to an external database from Splunk to get data from a database or write Splunk enterprise data in to databases etc. Fortunately, Splunk has a DB Connect app that is easily installable in your Splunk Enterprise. This app uses a JDBC driver in the background to perform any operations against the database.

In this tutorial, we will be going through on how you can connect your IBM DB2 database using Splunk DB Connect app that leverages Progress DataDirect IBM DB2 JDBC driver.

Before You Start

Make sure you have following installed and configured properly before you go ahead with the tutorial.

1. Have Splunk Enterprise installed and running.
2. Installed the Splunk DB Connect app in Splunk Enterprise.

Installing Progress DataDirect DB2 JDBC Driver

1. Download the IBM DB2 JDBC driver from Progress website.
2. After the download has completed, unzip the package PROGRESS_DATADIRECT_JDBC_DB2_WIN.zip to extract the Setup.exe.
3. Double click on the Setup.exe to start the installer. Follow the prompts on the installer and when prompted about type of installation, choose Evaluation Installation.
4. If you would like to change the installation folder, you can do so during the installation process.
5. Complete the installation, by click on Next and on the Install Summary page, click on Install.

Configure DataDirect DB2 JDBC in Splunk DB Connect

In this section, we will go through how to configure the DataDirect JDBC DB2 to work with Splunk DB Connect.

1. Go to \path\to\Splunk\etc\apps\splunk_app_db_connect\default directory.
2. Make a backup of db_connection_types.conf file anywhere on your machine and open the file for edits.
3. Add the following configuration to the file, to add support for Splunk DB Connect app to use Progress DataDirect DB2 JDBC driver.   [datadirect_db2]displayName = Progress DataDirect IBM DB2
DriverserviceClass = com.splunk.dbx2.DefaultDBX2JDBCjdbcDriverClass =
com.ddtek.jdbc.db2.DB2DriversupportedVersions = 1.0jdbcUrlFormat =
jdbc:datadirect:db2://<;host>:<port>;DatabaseName=<database>port = 50000  
4. Save the file and close it.
5. Now head over to \install\path\to\Progress\DataDirect\Connect_for_JDBC_51\liband copy the db2.jar file to \path\to\Splunk\etc\apps\splunk_app_db_connect\bin\lib
6. Reload the drivers in Splunk DB Connect settings or restart Splunk Enterprise to make sure the changes are reflected and you should see the Progress DataDirect DB2 driver listed on the drivers’ page along with the status saying that the driver has been installed as shown below.

Connecting to DB2

1. Go to Splunk DB Connect Explorer and create a new identity by clicking on (+) on the left side bar across Identities tree.
2. Fill in the details on the form as shown, where username and password are the credentials for DB2 database and name the Identity as you like.
3. Create a new connection, and fill in the details as below   Name: <Any Name> Identity: <Identity created in previous step> App: Splunk DB Connect Port: <Port for your database> Host: <IP Address/Hostname of DB2> Database Types: Progress DataDirect IBM DB2 Driver Default database: <database name> JDBC URL Format: <No change needed, will be automatically populated from configuration file>  
4. Here is a screenshot of the configuration that I have done for your reference.  
    
5. Scroll down and click on validate button, to check if you are able to successfully connect to your DB2 instance. You should see a Valid Connection notification as shown below once you have successfully connected.

Click on Save, to the save the connection. 

Next Steps

Now that you have successfully connected your DB2 database with Splunk, feel free to connect more of your databases using Progress DataDirect JDBC drivers for Oracle, Cloudera Hive, Spark SQL, and more using the same approach that we showed you in this tutorial.