
SQL Query

Description

Write an SQL query to execute on a compatible database server and generate logs from the result.

Supported Platforms

Bindplane Agent: v1.40.0+

Platform | Metrics | Logs | Traces
Linux
Windows
macOS

Configuration

| Field | Description |
| --- | --- |
| Driver | Which database driver should be used. Typically indicates which kind of database is being queried. Options include "postgres", "mysql", "snowflake", "sqlserver", "sap-hana", and "oracle". |
| Database Connection Options | A driver-specific string specifying how to connect to the database. Usually contains information like host, port, authorization credentials, TLS configuration, and other connection options. |
| Query | The SQL query to run. The results of the query are used to generate the telemetry specified below. |
| Log Body Column | Defines the name of the column whose value will become the body for the generated log. |
| Tracking Column | Used for parameterized queries. Defines the name of the column to retrieve for the parameter value on subsequent query runs. See this OTel Documentation for more information. |
| Tracking Start Value | Used for parameterized queries. Defines the initial value of the tracking column to compare against on subsequent query runs. See this OTel Documentation for more information. |
| Collection Interval | How frequently to execute queries to retrieve log data. Default is '10s'. |
| Enable Tracking Storage | If using tracking values, enable this to persist those values when the collector is restarted. Directory will be "$OIQ_OTEL_COLLECTOR_HOME/storage". See this OTel Documentation for more information. |
| Enable Query Logging | Whether or not the collector should log the SQL query with associated parameters when the query is run. |

Example Configuration

In this example, we connect to a postgres database using a postgres driver-specific connection string. The query is a simple one that retrieves rows of logs from a table. We track the id column to avoid creating duplicate logs.

Web Interface

observIQ docs - SQL Query Source - image 1

Standalone Source

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Source
metadata:
  id: sqlquery
  name: sqlquery
spec:
  type: sqlquery
  parameters:
    - name: driver
      value: 'postgres'
    - name: datasource
      # This example value embeds the password and sets sslmode=disable (no TLS) for a localhost connection.
      value: 'postgresql://postgres:password@localhost:5432/production?sslmode=disable'
    - name: query
      # $1 is filled from the tracking column (tracking_start_value on the first run).
      value: 'select data, id from log_data where id > $1'
    - name: body_column
      value: 'data'
    - name: tracking_column
      value: 'id'
    - name: tracking_start_value
      value: '0'
    - name: interval
      value: '10s'
    - name: enable_storage
      value: true
    - name: enable_log_query_logging
      # Logs the SQL query and its parameters each time it runs.
      value: true
```
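
The tracking behaviour configured above, as an added example that is not Bindplane's or the OTel receiver's code: a Python sketch that uses an in-memory SQLite table in place of postgres. `TrackedQuery`, the JSON state file and the sample rows are hypothetical; taking the next parameter from the last row returned (hence the added `ORDER BY`) is an assumption.

```python
import json
import os
import sqlite3
import tempfile

# The page's query; sqlite3's '?' placeholder stands in for postgres' $1.
# ORDER BY is added so the last row carries the highest id (assumption).
QUERY = "SELECT data, id FROM log_data WHERE id > ? ORDER BY id"


class TrackedQuery:
    """Hypothetical stand-in for one sqlquery source with a tracking column."""

    def __init__(self, conn, state_path=None, start_value=0):
        self.conn, self.state_path = conn, state_path
        self.value = start_value                       # tracking_start_value
        if state_path and os.path.exists(state_path):  # enable_storage: resume
            with open(state_path) as f:
                self.value = json.load(f)["id"]

    def poll(self):
        """Run the query once and return the log bodies it produced."""
        bodies = []
        for data, row_id in self.conn.execute(QUERY, (self.value,)):
            bodies.append(data)    # body_column -> log body
            self.value = row_id    # tracking_column -> next run's parameter
        if self.state_path:
            with open(self.state_path, "w") as f:
                json.dump({"id": self.value}, f)
        return bodies


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log_data (id INTEGER PRIMARY KEY, data TEXT)")
    conn.executemany("INSERT INTO log_data (data) VALUES (?)",
                     [("login ok",), ("login failed",)])  # constructed rows
    state = os.path.join(tempfile.mkdtemp(), "tracking.json")
    src = TrackedQuery(conn, state)
    first, second = src.poll(), src.poll()   # second interval: nothing new
    conn.execute("INSERT INTO log_data (data) VALUES ('password changed')")
    resumed = TrackedQuery(conn, state).poll()   # restart with storage enabled
    replayed = TrackedQuery(conn).poll()         # restart without storage
    return first, second, resumed, replayed


if __name__ == "__main__":
    for name, logs in zip(("first", "second", "resumed", "replayed"), demo()):
        print(f"{name:9} {logs}")
```

In this sketch, a restart without persisted tracking state replays every row from the start value, which downstream appears as duplicate log events.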