All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Connection Error with DBConnect to MySQL

BryanScovill
Explorer
‎01-15-2020 04:33 PM

For some reason, after a VM event that caused a disruption to my Splunk's connection to downstream DBs, my MySQL connections will no longer connect. They report back "Could not create connection to database server" or ""Host 'XXX' is blocked because of many connection errors;"

Connections to Postgres DBs stayed just fine. And, oddly, we can create a valid MySQL connection via the same server's OS level MySQL client. Logs on the DB side don't even suggest a connection attempt when we try via DB Connect, although the error sort of contradicts that. Logs on the Splunk side don't yield anything useful. All of the searching I've done points at a network level issues, but that doesn't appear to be the case.

DB Connect and the MYSQL driver are all up to date and haven't been changed recently. Anyone have any thoughts on how to proceed?

Thanks.

0 Karma
Reply

BryanScovill
Explorer
‎02-13-2020 09:01 AM

So, after a lot of digging and involving TAC and getting the case escalated we finally found a solution. It turns out my timelines were off and the root cause was an upgrade of the DB. Splunk's 5.1 driver was failing the handshake with MariaDB 8.0.17 so we went and manually upgrade the Connector/J to 8 and poof! Happy connections again.

The folks at TAC were telling me that the 8 driver was still in testing as part of the DB Connect package and that package wasn't ready yet. They thought the driver update had a good chance of helping so we tried it manually.

It was a real pain of a problem because the DB logs showed nothing at all unless we set debug to 4 and then only a handshake error not tied to any source. And handshake errors show up on other connections that are successful at that level of debug.

Thanks.

0 Karma
Reply

jawaharas
Motivator
‎01-19-2020 08:17 PM

Try to increase the logging level and check the internal logs (splunk_app_db_connect*.log) to troubleshoot the issue.

Log configuration URL: http://splunk-host:8000/en-GB/app/splunk_app_db_connect/configuration#/settings/logconfiguration

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...