https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279264#M190455 <P>Yup, that would do it. Also note that since you didn't specify an index, your events will go to the default index (main). You may want to think about how to use multiple indexes, if you have different data retention or access permissions requirements for various data sources.</P> <P>I will add the resolution as an answer, please accept it, so the question shows as 'answered'.</P> <P>Happy Splunking!</P> Mon, 14 Dec 2015 18:13:53 GMT s2_splunk 2015-12-14T18:13:53Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279261#M190452 <P>I am trying to index data from a Postgres database using DB Connect 1. I am able to make a connection to the database, and I can also run queries and see the data by clicking on the DB Query button under "Explore database schema" in the DB Connect 1 app. However, the data is not getting indexed when I create a database input.</P> <P>I know that Splunk is able to retrieve the data, because it creates a kv_nnn.dbmonevt file under <CODE>C:\Program Files\Splunk\var\spool\dbmon</CODE> containing the data in key/value pairs, but this data never gets indexed. To rule out any issue with the data, I also tried specifying a query that returns just one column from my database table (the primary key) but this does not get indexed despite the kv_nnn.dbmonevt file being created.</P> <P>Any help would be appreciated.</P> Tue, 29 Sep 2020 08:09:38 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279261#M190452 kbarker302 2020-09-29T08:09:38Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279262#M190453 <P>Can you share your inputs.conf file?</P> Mon, 14 Dec 2015 17:39:06 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279262#M190453 s2_splunk 2015-12-14T17:39:06Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279263#M190454 <P>Thank you - I believe you pointed me in the right direction. This is from my inputs.conf under etc\apps\dbx\local:</P> <P>[batch://$SPLUNK_HOME\var\spool\dbmon*.dbmonevt]<BR /> crcSalt = <BR /> disabled = 1<BR /> move_policy = sinkhole<BR /> sourcetype = dbmon:spool</P> <P>I'm not sure how or when the disabled flag got set, but I changed it to 0 and now I'm able to index the data.</P> Tue, 29 Sep 2020 08:09:40 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279263#M190454 kbarker302 2020-09-29T08:09:40Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279264#M190455 <P>Yup, that would do it. Also note that since you didn't specify an index, your events will go to the default index (main). You may want to think about how to use multiple indexes, if you have different data retention or access permissions requirements for various data sources.</P> <P>I will add the resolution as an answer, please accept it, so the question shows as 'answered'.</P> <P>Happy Splunking!</P> Mon, 14 Dec 2015 18:13:53 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279264#M190455 s2_splunk 2015-12-14T18:13:53Z https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279265#M190456 <P>The problem was resolved by setting <STRONG>disabled=0</STRONG> in inputs.conf for the database input.</P> Mon, 14 Dec 2015 18:14:17 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-DB-Connect-Why-am-I-unable-to-index-data-from-a-Postgres/m-p/279265#M190456 s2_splunk 2015-12-14T18:14:17Z