Splunk Lantern

Database data


Databases are the fundamental components for collecting, storing, and analyzing digital information. Databases are categorized as either relational, in which data is organized in spreadsheet-like tables of columns and rows, or NoSQL (non-relational), in which data is organized as columns (column stores), as key-value pairs, as unstructured documents, or as interconnected graphs that link related data elements.

Structured Query Language (SQL) statements are the main interface in relational databases. SQL statements are used to create, read, update, and delete data in the database. Visibility into this activity enables you to do all of the following and more:

  • Detect and identify long running queries as candidates for optimization
  • Detect and identify slow queries as candidates for optimization
  • Monitor trends in query behavior for capacity and planning
  • Detect unauthorized data access
  • Attest to compliance with data governance controls and rules

In the Common Information Model, database query data is typically mapped to the Databases data model.
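The detections listed above (slow queries, query-volume trends, unauthorized access to sensitive data) can be prototyped over raw query logs before the searches are built in Splunk. The following is an added example, not code from Splunk Lantern or the Splunk product. The log line format, the slow-query threshold, and the table access policy are assumptions; the event field names (`user`, `src`, `query`, `query_time`, `response_time`) mirror the general shape of CIM-style database query events but are not a verbatim copy of the Databases data model.

```python
"""Prototype detections over constructed database audit log lines.

Added example, not Splunk's own code. The log format, thresholds and
access policy are assumptions made for the illustration.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not real data): timestamp, database user,
# source IP, elapsed milliseconds, and the SQL statement that was executed.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z user=app_svc src=10.0.1.5 elapsed_ms=12 stmt="SELECT id FROM orders WHERE customer_id=42"
2024-03-01T09:00:07Z user=app_svc src=10.0.1.5 elapsed_ms=8 stmt="UPDATE orders SET status='shipped' WHERE id=7"
2024-03-01T09:13:40Z user=report_ro src=10.0.2.9 elapsed_ms=45210 stmt="SELECT * FROM orders o JOIN customers c ON o.customer_id=c.id"
2024-03-01T10:02:15Z user=jdoe src=10.0.3.77 elapsed_ms=31 stmt="SELECT card_number FROM payment_cards"
2024-03-01T10:05:59Z user=app_svc src=10.0.1.5 elapsed_ms=3100 stmt="DELETE FROM sessions WHERE expires_at < now()"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) '
    r'elapsed_ms=(?P<elapsed>\d+) stmt="(?P<stmt>.*)"$'
)

# Assumed policy: sensitive tables and the only accounts allowed to query them.
SENSITIVE_TABLE_ACCESS = {"payment_cards": {"billing_svc"}}
SLOW_QUERY_MS = 1000  # assumed threshold for "slow" candidates


def parse_log(text):
    """Parse raw lines into CIM-style query events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "query_time": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "user": m["user"],
            "src": m["src"],
            "response_time": int(m["elapsed"]),
            "query": m["stmt"],
        })
    return events


def tables_referenced(query):
    """Small heuristic: table names following FROM / JOIN / UPDATE / INTO."""
    return set(re.findall(
        r'\b(?:FROM|JOIN|UPDATE|INTO)\s+([A-Za-z_][A-Za-z0-9_]*)', query, re.IGNORECASE))


def slow_queries(events, threshold_ms=SLOW_QUERY_MS):
    """Candidates for optimization: anything slower than the threshold."""
    return [e for e in events if e["response_time"] > threshold_ms]


def unauthorized_access(events, policy=SENSITIVE_TABLE_ACCESS):
    """(user, src, table) for queries touching a sensitive table by a non-allowed user."""
    hits = []
    for e in events:
        for table in tables_referenced(e["query"]):
            allowed = policy.get(table)
            if allowed is not None and e["user"] not in allowed:
                hits.append((e["user"], e["src"], table))
    return hits


def queries_per_hour(events):
    """Query volume bucketed by hour, a simple trend series for capacity planning."""
    return Counter(e["query_time"].strftime("%Y-%m-%dT%H") for e in events)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("slow:", [(e["user"], e["response_time"]) for e in slow_queries(evts)])
    print("unauthorized:", unauthorized_access(evts))
    print("per hour:", dict(queries_per_hour(evts)))
```

Each function stands in for one search you would later express in SPL against the Databases data model: `slow_queries` is a threshold on response time, `queries_per_hour` is a time-bucketed count, and `unauthorized_access` is a join of observed queries against an allow-list of who may read which sensitive objects.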


When your Splunk deployment is ingesting database data, you can use it to accomplish security and compliance, IT Ops, and application delivery use cases.

Source types

Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with database data.

Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.