Watson Discovery


Export querylog data to Splunk

  • 1.  Export querylog data to Splunk

    Posted Wed December 09, 2020 03:29 PM

    Hi,

    We have a requirement to log all user searches in our Splunk environment.

    I have discovered that the user queries are logged in a Derby database in the following location:

    .../esdata/data/cloudschape/querylog/log/logxx.dat

    Before I continue down this road I want to know:

    Are we allowed to read/export data from this cloudscape database(s)? In other words, are we violating terms or conditions here?

    If it is allowed the obvious question is:

    Where can I find the JDBC connection string?

    Thanks





    #Support
    #SupportMigration
    #WatsonDiscovery
    #WatsonExplorer


  • 2.  RE: Export querylog data to Splunk
    Best Answer

    Posted Sat December 19, 2020 06:06 AM

    Hi Michel,

    I don't think accessing the Derby database directly is going to be a viable option - or at least not one supported.

    As an alternative, have you already looked at the export?

    https://www.ibm.com/support/knowledgecenter/en/SS8NLW_11.0.2/com.ibm.discovery.es.ad.doc/iiysarfcomd.html

    It exports the query statistics history to a file in CSV format. If you omit the range option, all stored history records are written to the file. With the range option, records from the specified from_hours_before value to the to_hours_before value are written to the file.

    Sample command: Export all records:

    esadmin database.node1 export -fname /home/esadmin/query_all.csv

    You get a .csv which you could automate to upload into Splunk.





    #Support
    #SupportMigration
    #WatsonDiscovery
    #WatsonExplorer
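
Added example, not part of the thread and not IBM or Splunk code: a scheduled full export re-emits every stored record, so this sketch forwards only rows it has not seen before and formats them as a batch for Splunk's HTTP Event Collector. The header row, the column names, the `wex:querylog` sourcetype and the HEC URL and token passed to `send_to_hec` are assumptions; the thread does not show the CSV layout.

```python
import csv
import hashlib
import io
import json
import urllib.request


def new_events(csv_text, seen):
    """Return rows not forwarded before; `seen` (a set of row hashes) is updated."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Hash the whole row: the thread gives no unique record id, so two
        # records that are identical in every column collapse into one.
        digest = hashlib.sha256(
            json.dumps(row, sort_keys=True).encode("utf-8")).hexdigest()
        if digest not in seen:
            seen.add(digest)
            events.append(row)
    return events


def hec_payload(events, sourcetype="wex:querylog"):
    """Serialize rows as an HEC batch: one JSON object per event."""
    return "\n".join(
        json.dumps({"event": e, "sourcetype": sourcetype}) for e in events)


def send_to_hec(payload, url, token):
    """POST a batch to the collector's event endpoint; returns the HTTP status."""
    req = urllib.request.Request(
        url, data=payload.encode("utf-8"),
        headers={"Authorization": "Splunk " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


# Constructed sample exports; real column names may differ.
FIRST_EXPORT = "time,user,query\n2020-12-09 10:00,alice,vpn policy\n"
SECOND_EXPORT = FIRST_EXPORT + '2020-12-09 11:00,bob,"salary, 2021"\n'

if __name__ == "__main__":
    seen = set()  # persist this between runs, e.g. as a file of hashes
    for export in (FIRST_EXPORT, SECOND_EXPORT):
        print(hec_payload(new_events(export, seen)))
```

Query logs carry user names and search terms, so the exported file and the Splunk index that receives it should be readable only by the people who are allowed to see that data.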