The only way Splunk has to connect to a database "itself" is via DB Connect (docs)
From Splunk’s perspective, there is no way to connect to 100 databases without having unique connections to each.
So far as I know, there is no tool that will connect to more than one database without unique connections – that’s something database servers enforce in transactional models.
That being said, if you have a way to enumerate all the databases you want to connect to, and a place to save the queries you want to run, you could build either a
- scripted-input add-on that could use your language of choice (whatever’s available on the Splunk server(s)/endpoint(s) it’s running on) to iterate through each database, run each query, and ship the results back to Splunk, or
- in similar fashion to the scripted-input option, write a script (or set of scripts) that would execute the queries in question against the databases you’re targeting, and submit results to the HTTP Event Collector (HEC) (HL has a great write-up on HEC over here, and here’s George Starcher’s Python class for HEC)
from User warren – Stack Overflow https://stackoverflow.com/questions/63593286/splunk-execute-the-same-query-on-multiple-datasources/63597983#63597983
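A sketch of the script-plus-HEC option described in the answer, added here as an example and not part of the original answer or of any Splunk tooling. The in-memory SQLite databases, the `logins` table, the `db:` sourcetype prefix and the `SPLUNK_HEC_URL` / `SPLUNK_HEC_TOKEN` environment variable names are assumptions made for illustration.

```python
import json
import os
import sqlite3
import urllib.request

def make_demo_db(rows):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (username TEXT, failures INTEGER)")
    conn.executemany("INSERT INTO logins VALUES (?, ?)", rows)
    return conn

# Constructed inventory: in-memory SQLite databases stand in for the real targets.
DATABASES = {
    "hr-db": make_demo_db([("alice", 0), ("bob", 7)]),
    "crm-db": make_demo_db([("carol", 12)]),
}
# Saved queries are fixed strings kept in one place, never built from input.
QUERIES = {
    "failed_logins": "SELECT username, failures FROM logins WHERE failures > 5",
}

def collect_events(databases, queries):
    """Run every saved query on every database, one connection per database."""
    events = []
    for db_name, conn in databases.items():
        for query_name, sql in queries.items():
            cur = conn.execute(sql)
            columns = [c[0] for c in cur.description]
            for row in cur:
                events.append({"source": db_name, "sourcetype": "db:" + query_name,
                               "event": dict(zip(columns, row))})
    return events

def to_hec_body(events):
    """HEC accepts several JSON event objects concatenated in one request body."""
    return "".join(json.dumps(e) for e in events).encode("utf-8")

def send_to_hec(events, url, token):
    """POST to an HEC event endpoint; TLS verification stays at the default (on)."""
    req = urllib.request.Request(url, data=to_hec_body(events),
                                 headers={"Authorization": "Splunk " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # The token is read from the environment so it never lives in the script.
    url, token = os.environ.get("SPLUNK_HEC_URL"), os.environ.get("SPLUNK_HEC_TOKEN")
    batch = collect_events(DATABASES, QUERIES)
    print(send_to_hec(batch, url, token) if url and token else to_hec_body(batch).decode())
```

Without the two environment variables set, the script prints the batch it would have sent. Against real databases, give the script's account read-only rights on only the tables the saved queries touch.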