DocumentationAPI ReferenceRelease Notes
Log In
Documentation

Splunk Enterprise

Suggest Edits

You need to configure Splunk Enterprise to receive events from either the Splunk Universal Forwarder or the Splunk DB Connect application.

Prerequisites

  • Splunk Enterprise is installed
  • Appropriate access to the system is in place
  • You are familiar with the Splunk interface

Splunk DB Connect is an application from Splunk Enterprise you can install in your Splunk Enterprise instance. Splunk DB Connect retrieves events from the database you define, such as BeyondTrust Endpoint Privilege Management Reporting, and inserts the events into Splunk Enterprise.

You can use Splunk DB Connect to query the Export Views for Endpoint Privilege Management.

You can use SQL authentication or any of the default Endpoint Privilege Management Reporting accounts to authenticate with the BeyondTrust database. The default accounts are Report Reader, Event Parser, and Data Admin.

You can retrieve events from your endpoints or your Windows event collector node instead.

📘

For more information, see the following:

Endpoint Privilege Management Export Views

Install the Splunk Universal Forwarder

Install DB Connect

Prerequisites

  • Splunk Enterprise 6.4.0 or later
  • Java Platform, Standard Edition Development Kit (JDK) from Oracle. JDK is required. The JRE alone is not sufficient.
  • Java Database Connection (JDBC) to connect to databases

📘

For more information, see the following:

Java SE Downloads

Deploy and Use Splunk DB Connect: Prerequisites

Install on Splunk Enterprise

  1. Open your Splunk Enterprise instance, and click App: Search & Reporting from the top menu bar.
  2. If DB Connect is installed, it appears in the list. Otherwise, click Find More Apps.
  3. Type DB Connect in the search box if Splunk can connect to the internet. Follow the onscreen instructions to install DB Connection. Alternatively, you can download DB Connect from the Splunk store to install manually.

ℹ️

Note

To download DB Connect from the Splunk store, see https://splunkbase.splunk.com/app/2686/. This page requires email verification.

  1. Click App: Search & Reporting > Manage Apps to install DB Connect from a separate installer.
  2. Click Install app from file and browse to the location of DB Connect you downloaded.
  3. Click Upload and follow the onscreen instructions to install DB Connect.
  4. After DB Connect is installed, you can access it from the App: Search & Reporting top menu.

Configure Splunk Enterprise to receive events

  1. Click Settings > Forwarding Receiving (under the Data menu).
  2. Click Configure Receiving and then New to create an entry.
  3. Enter 9997 in the Listen on this port field.
  4. Click Save.
    Splunk Enterprise is now configured to listen for events sent using any method.

Updated 3 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.