Activate the Database Collector

Activating a broker VM with a Database Collector applet enables you to collect data from a client relational database directly to your log repository.
Ingesting logs and data from external sources requires a Cortex® XDR™ Pro per TB license.
The broker VM provides a Database Collector applet that enables you to collect data from a client relational database directly to your log repository for query and visualization purposes. After you activate the Database Collector applet on a broker VM in your network, you can collect records as datasets (<Vendor>_<Product>_raw) by defining the following.
  • Database connection details, where the connection type can be MySQL, PostgreSQL, MSSQL, or Oracle. Cortex XDR uses Open Database Connectivity (ODBC) to access the databases.
  • Settings related to the query details for collecting the data from the database to monitor and upload to Cortex XDR.
Complete the following task before you begin setting up the FTP Collector applet.
Activate the Database Collector.
  1. In Cortex XDR, select Settings → Configurations → Broker VM and locate your broker VM.
  2. Right-click the broker VM and select Database Collector → Activate.
  3. Configure your Database Connection.
    1. Configure the Database Connection settings.
      • Connection—Select the type of database connection as MySQL, PostgreSQL, MSSQL, or Oracle.
      • Host—Specify the hostname or IP address of the database.
      • Port—Specify the port number of the database.
      • Database—Specify the database name for the type of database configured. This field is relevant when configuring a Connection Type for MySQL, PostgreSQL, and MSSQL. When configuring an Oracle connection, this field is called Service Name, so you can specify the name of the service.
      • Enable SSL—Select whether to Enable SSL (default) to encrypt the data while in transit between the database and the broker VM.
      • Username—Specify the username to access the database.
      • Password—Specify the password to access the database.
      • Test Connection—Select to validate the database connection.
    2. Configure the Database Query settings.
      • Rising Column—Specify a column for the Database Collector applet to keep track of new rows from one input execution to the next. This column must be included in the query results.
      • Retrieval Value—Specify a Retrieval Value for the Database Collector applet to determine which rows are new from one input execution to the next. The first time the input is run, the Database Collector applet only selects those rows that contain a value higher than the value you specified in this field. Each time the input finishes running, the Database Collector applet updates the input's Retrieval Value with the value in the last row of the Rising Column.
      • Unique IDs—(optional) Specify the column name(s) to match against when multiple records have the same value in the Rising Column. This column must be included in the query results. This is a comma-separated field that supports multiple values. In addition, when you specify Unique IDs, the query should use the greater than or equal to sign (>=) in relation to the Retrieval Value. If Unique IDs is left empty, use the greater than sign (>).
      • Collect Every—Specify the execution frequency of collection by designating a number and then selecting the unit as either Seconds, Minutes, Hours, or Days.
      • Vendor and Product—Specify the Vendor and Product for the type of data being collected. The vendor and product are used to define the name of your XQL dataset (<Vendor>_<Product>_raw).
      • SQL Query—Specify the SQL Query to run and collect data from the database by replacing the example query provided in the editor box. The question mark (?) in the query is a checkpoint placeholder for the Retrieval Value. Every time the input is run, the Database Collector applet replaces the question mark with the latest checkpoint value (i.e. start value) for the Retrieval Value.
      • Generate Preview—Select Generate Preview to display up to 10 rows from the SQL Query and Preview the results. The Preview works based on the Database Collector settings, which means that if after running the query no results are returned, then the Preview returns no records.
      • Add Query—(optional) To define another Query for data collection on the configured database connection, select Add Query. Another Query section is displayed for you to configure.
  4. (optional) Add Connection to define another database connection to collect data from another client relational database.
  5. (optional) Other available options.
    As needed, you can return to your Database Collector settings to manage your connections. Here are the actions available to you.
    • Edit the connection name by hovering over the default Collection name, and selecting the edit icon to edit the text.
    • Edit the query name by hovering over the default Query name, and selecting the edit icon to edit the text.
    • Disable/Enable a query by hovering over the top area of the query section, on the opposite side of the query name, and selecting the applicable button.
    • Delete a connection by hovering over the top area of the connection section, on the opposite side of the connection name, and selecting the delete icon. You can only delete a connection when you have more than one connection configured. Otherwise, this icon is not displayed.
    • Delete a query by hovering over the top area of the query section, on the opposite side of the query name, and selecting the delete icon. You can only delete a query when you have more than one query configured. Otherwise, this icon is not displayed.
  6. Activate the Database Collector applet.
    After a successful activation, the Apps field displays Database Collector - Active.
  7. (Optional) To view metrics about the Database Collector, hover over the Database Collector link in the Apps field.
    Cortex XDR displays Resources, including the amount of CPU, Memory, and Disk space the applet is using.
  8. Manage the Database Collector.
    After you activate the Database Collector, you can make additional changes as needed. To modify a configuration, right-click your broker VM and select:
    • Database Collector → Configure to redefine the Database Collector configurations.
    • Database Collector → Deactivate to disable the Database Collector.
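
The checkpoint behaviour of the Rising Column, Retrieval Value, and Unique IDs settings in step 3, shown as an added example that is not Cortex XDR code: a simulation against an in-memory SQLite table. The audit_log table, its rows, and the way Unique IDs are used to drop already-collected rows are assumptions made for illustration; the ORDER BY is included because the checkpoint is taken from the last row of the result.

```python
import sqlite3

# Constructed queries: '?' is the checkpoint placeholder for the Retrieval Value.
# ORDER BY keeps the highest Rising Column value in the last row (assumption).
GT = "SELECT id, event_time, msg FROM audit_log WHERE event_time > ? ORDER BY event_time, id"
GE = "SELECT id, event_time, msg FROM audit_log WHERE event_time >= ? ORDER BY event_time, id"

def run_input(conn, query, checkpoint, rising, unique_ids=(), seen=frozenset()):
    """One input execution; returns (new_rows, new_checkpoint, seen_keys)."""
    cur = conn.execute(query, (checkpoint,))
    cols = [d[0] for d in cur.description]
    rows = [dict(zip(cols, r)) for r in cur.fetchall()]
    fresh = []
    for row in rows:
        key = tuple(row[c] for c in unique_ids)
        # '>=' re-reads rows at the checkpoint; drop those already collected
        # (assumed model of how Unique IDs are matched).
        if unique_ids and row[rising] == checkpoint and key in seen:
            continue
        fresh.append(row)
    if rows:
        checkpoint = rows[-1][rising]  # value in the last row of the Rising Column
        seen = frozenset(tuple(r[c] for c in unique_ids)
                         for r in rows if r[rising] == checkpoint)
    return fresh, checkpoint, seen

def simulate(query, unique_ids=()):
    """Two executions with a late row that shares the checkpoint timestamp."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_log (id INTEGER, event_time INTEGER, msg TEXT)")
    insert = "INSERT INTO audit_log VALUES (?, ?, ?)"
    conn.executemany(insert, [(1, 100, "login"), (2, 200, "grant")])
    checkpoint, seen, collected = 0, frozenset(), []  # initial Retrieval Value: 0
    for late_rows in ([(3, 200, "revoke"), (4, 300, "logout")], []):
        fresh, checkpoint, seen = run_input(conn, query, checkpoint,
                                            "event_time", unique_ids, seen)
        collected += [r["id"] for r in fresh]
        conn.executemany(insert, late_rows)  # rows written between executions
    return collected, checkpoint

if __name__ == "__main__":
    print("'>'  no Unique IDs:", simulate(GT))           # row 3 is never collected
    print("'>=' Unique IDs=id:", simulate(GE, ("id",)))  # every row exactly once
    print("'>=' no Unique IDs:", simulate(GE))           # row 2 collected twice
```

With > and no Unique IDs, a row written after the checkpoint with the same Rising Column value is never collected, which for audit data is a silent gap in the dataset.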
