Solved: Re: Advice on tailing database based on commit tim...

gwiley_splunk · ‎04-21-2015

I have a database table that I want to index using dbmon-tail based on the commit time column. If I have multiple rows that have the same commit timestamp can I get into a situation where some rows won't be indexed if, for example, there is a network disconnect between Splunk and the database?

For example, there are 10 rows all with the same batch commit timestamp but Splunk only got 3 of them before a disconnect occurred. When the connection is restored would Splunk only continue from the next newer timestamp, assuming that there is no other column that could be used as a rising column?

Is there any difference in behaviour in this case between v1 and v2 of DB Connect?

Cheers

jcoates_splunk · ‎04-21-2015

No, this is a standard risk of using time as the rising column. Some form of database change will be needed. Either add a unique Row ID column, or increase the resolution of the existing time column.

View solution in original post

jcoates_splunk · ‎04-21-2015

No, this is a standard risk of using time as the rising column. Some form of database change will be needed. Either add a unique Row ID column, or increase the resolution of the existing time column.

gwiley_splunk · ‎04-21-2015

Thanks, you've confirmed what I thought.

And there's no difference in behaviour between v1 and v2 in this regard?

jcoates_splunk · ‎04-21-2015

That's correct.

Advice on tailing database based on commit timestamp

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms