Skip to main content


Splunk Lantern

Database data


Databases are the fundamental elements of information collection, storage and analysis of digital information. Databases are categorized as either relational, in which data is organized in spreadsheet-like tables of columns and rows, or NoSQL (nonrelational), where information is organized purely by columns (column store) as key-value pairs, by unstructured documents or interconnected graphs linking related data elements.

Structured Query Language (SQL) statements are the main interface in relational databases. SQL statements are used to create, read, update, and delete data in the database. Visibility into this activity enables you to do all of the following and more:

  • Detect and identify long running queries as candidates for optimization
  • Detect and identify slow queries as candidates for optimization
  • Monitor trends in query behavior for capacity and planning
  • Detect unauthorized data access 
  • Attest to compliance with data governance controls and rules

 In the Common Information Model, database query data is typically mapped to the Databases data model.  

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for the Splunk platform