Splunk search for Database Connect (DBX) Connections by Identity Username
Copy
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-identities
| rename title as user_title
| map [ | rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections | search disabled=0 AND identity="$user_title$" | eval username="$username$", domain_name="$domain_name$" ]
| table title connection_type database host identity username domain_name
This search will return information on all Database Connect (DBX) connections that are configured and enabled, including the username of the identity used to connect to the database. This search should be run on the DBX server itself. Can also be run on a monitoring console that has the DBX server as a search peer, but will need to modify the splunk_server parameter.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment