Refer to the for the Original setup


First part - Install and set up "Splunk DB Connect"

Afterwards, make sure Java is configured (DB Connect runs on a JRE and will not start its task server without a valid Java path):

Add the Postgres JDBC driver and check the configuration:

Now, the core part is done.


Then set up Identities and Connections - this is pretty basic.

Remember to make sure the databases you are connecting to are listening on an interface the Splunk host can reach, and NOT only on localhost - localhost-only is typically the default for Postgres and MySQL. Bind to the one interface you actually need rather than to all of them, restrict the source address of the connection (pg_hba.conf for Postgres, the host part of the user for MySQL), and give the identity DB Connect logs in with a read-only role: the query below only ever needs SELECT.
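The Postgres side of that setup, as an added example (not from the original page): check the listen address, replace a bind-to-everything setting with a single interface, and create a least-privilege role for the DB Connect identity. The database name musicbrainz_db, the role name splunk_dbx, the addresses 10.0.0.5 (database host) and 10.0.0.20 (Splunk host) and the password are placeholders.

```sql
-- Added example, not part of the original page. Assumes Postgres, a database
-- "musicbrainz_db" holding the "musicbrainz" schema, a DB host interface 10.0.0.5
-- and a Splunk host 10.0.0.20; every name and address here is a placeholder.

-- 1. What does the server listen on? The default is 'localhost', which is why a
--    remote DB Connect connection fails until this is changed.
SHOW listen_addresses;

-- Weak: exposes the server on every interface of the host.
-- ALTER SYSTEM SET listen_addresses = '*';

-- Better: only the interface Splunk reaches. Takes effect after a restart.
ALTER SYSTEM SET listen_addresses = '10.0.0.5';

-- 2. Who may connect is decided in pg_hba.conf, not in SQL. The matching line
--    (TLS only, one role, one source address, password auth, no "trust") is:
--    hostssl  musicbrainz_db  splunk_dbx  10.0.0.20/32  scram-sha-256

-- 3. A dedicated read-only role for the DB Connect identity.
CREATE ROLE splunk_dbx LOGIN PASSWORD 'change-me-before-use';
GRANT CONNECT ON DATABASE musicbrainz_db TO splunk_dbx;
GRANT USAGE ON SCHEMA musicbrainz TO splunk_dbx;
GRANT SELECT ON ALL TABLES IN SCHEMA musicbrainz TO splunk_dbx;
-- Tables created in the schema later inherit the same SELECT-only grant.
ALTER DEFAULT PRIVILEGES IN SCHEMA musicbrainz GRANT SELECT ON TABLES TO splunk_dbx;

-- 4. Verify from the role's point of view: reading works, writing is refused.
SET ROLE splunk_dbx;
SELECT count(*) FROM musicbrainz.artist;   -- allowed
-- INSERT INTO musicbrainz.artist (id, gid, name) VALUES (0, gen_random_uuid(), 'x');
--   -> ERROR: permission denied for table artist
RESET ROLE;
```

Run this as a superuser before creating the Identity in DB Connect, then put only splunk_dbx and its password into the Identity. If the connection is later reused for DB Outputs, grant INSERT on the one target table only, not on the whole schema.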


Referring to the previous ELK setup, we use the same query:

-- SELECT, FROM and WHERE and the *.id / *.name column references dropped by the
-- page export are restored here from the column aliases and the MusicBrainz schema.
SELECT * FROM (
SELECT
    release_group.gid AS album_id,
    release_group.type AS album_primary_type_id,
    release_group_primary_type.name AS album_primary_type_name,
    release.name AS release_name,
    artist.name AS artist_name,
    artist.gid AS artist_gid,
    artist_credit.id AS artist_credit_id,
    artist.type AS artist_type_id,
    artist_type.name AS artist_type_name,
    artist.begin_date_year AS artist_begin_date_year,
    area.name AS artist_country_name,
    release_country.date_year AS release_year,
    release_country.date_month AS release_month,
    release_country.date_day AS release_day
FROM musicbrainz.artist
INNER JOIN musicbrainz.artist_credit_name
    ON artist_credit_name.artist = artist.id
INNER JOIN musicbrainz.artist_credit
    ON artist_credit.id = artist_credit_name.artist_credit
INNER JOIN musicbrainz.release_group
    ON release_group.artist_credit = artist_credit.id
INNER JOIN musicbrainz.release
    ON release.release_group = release_group.id
INNER JOIN musicbrainz.release_country
    ON release.id = release_country.release
INNER JOIN musicbrainz.artist_type
    ON artist.type = artist_type.id
INNER JOIN musicbrainz.area
    ON artist.area = area.id
INNER JOIN musicbrainz.release_group_primary_type
    ON release_group_primary_type.id = release_group.type
WHERE
    ((release_country.date_year IS NOT NULL) AND
    (release_country.date_month IS NOT NULL) AND
    (release_country.date_day IS NOT NULL))
) AS Dummy2

To get a preview:


Where Logstash only gave us the possibility to "bulk" upload the query result to Elasticsearch, "Splunk DB Connect" gives us three options: DB Inputs, DB Outputs and DB Lookups.

This is where Splunk, in my opinion, "runs over" the ELK stack: there is more GUI, and it offers both inputs (as Logstash does) and on-the-fly lookups.

DB Inputs

DB Inputs are the "equivalent" of the Logstash approach: they load the query result into Splunk as "log lines" (events). In batch mode the whole query is re-run on every interval and every row is indexed again; rising column mode keeps a checkpoint and only fetches rows above it.


This gives the log lines:
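The same query in the rising column form DB Connect expects for a DB Input, as an added example that is not from the original page. It assumes musicbrainz.release.id (an integer primary key that only grows) as the rising column, and uses DB Connect's single "?" placeholder, which the input replaces on each run with the highest release_id it has checkpointed so far.

```sql
-- Added example, not part of the original page: rising-column variant of the
-- page's query for a Splunk DB Connect "DB Input". Assumed rising column:
-- musicbrainz.release.id. "?" is DB Connect's checkpoint placeholder.
-- Only rows with release.id above the stored checkpoint are fetched per run,
-- so rows are not indexed twice as they would be in batch mode.
SELECT
    release.id AS release_id,          -- rising column: must be selected and ordered on
    release_group.gid AS album_id,
    release_group.type AS album_primary_type_id,
    release_group_primary_type.name AS album_primary_type_name,
    release.name AS release_name,
    artist.name AS artist_name,
    artist.gid AS artist_gid,
    artist_credit.id AS artist_credit_id,
    artist.type AS artist_type_id,
    artist_type.name AS artist_type_name,
    artist.begin_date_year AS artist_begin_date_year,
    area.name AS artist_country_name,
    release_country.date_year AS release_year,
    release_country.date_month AS release_month,
    release_country.date_day AS release_day
FROM musicbrainz.release
INNER JOIN musicbrainz.release_group
    ON release_group.id = release.release_group
INNER JOIN musicbrainz.artist_credit
    ON artist_credit.id = release_group.artist_credit
INNER JOIN musicbrainz.artist_credit_name
    ON artist_credit_name.artist_credit = artist_credit.id
INNER JOIN musicbrainz.artist
    ON artist.id = artist_credit_name.artist
INNER JOIN musicbrainz.release_country
    ON release_country.release = release.id
INNER JOIN musicbrainz.artist_type
    ON artist_type.id = artist.type
INNER JOIN musicbrainz.area
    ON area.id = artist.area
INNER JOIN musicbrainz.release_group_primary_type
    ON release_group_primary_type.id = release_group.type
WHERE release.id > ?                   -- only rows above the last checkpoint
  AND release_country.date_year IS NOT NULL
  AND release_country.date_month IS NOT NULL
  AND release_country.date_day IS NOT NULL
ORDER BY release.id ASC                -- the checkpoint must advance in order
```

Two caveats when choosing the rising column. A release joins to one row per country and per credited artist, so several output rows share one release_id; if a run's row limit cuts between them, the next run starts above that checkpoint and the remaining rows are never indexed, which is why a column unique per output row (or a row limit large enough to never split a release) is safer. And an id-based checkpoint only sees inserts, never updates to rows already indexed; if changes matter, checkpoint on a last-modified timestamp column instead, assuming the table carries one.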

DB Outputs

DB Lookups