I ran into some issues with DB Connect 2 DB-Input on Splunk 6.1 and MySQL:
1. I've tried several ways to get a timestamp field set up in the GUI:
- normal datetime fields seem to be misinterpreted as wrong dates
- if I try a character field, the Java date format does not allow a format like "yyyy-MM-dd HH:mm:ss"
- if I try a conversion inside the query with unix_time, I get an error about bigint not being supported as a timestamp
2. Where clauses are not possible through the GUI if you're working in tail mode
3. Because of the limitations in 2, I have a fairly complex view set up where the query takes around 5 minutes on my systems. I've enabled debug logging for dbx2.log and found the following statements showing some kind of timeout for the dbinput service, but also stating that the query could take up to an hour:
/04/17/2015 14:59:14 [CRITICAL] [ws.py] [DBInput Service] timed out
[DEBUG] [mi_input.py] The execution time is 327.349689 seconds for this dbinput [mi_input://otrs-ticket-view-3] and its maximum query timeout setting is 3600 seconds
Thx in advance
We are aware of this problem, and the patch for it is tentatively slated for 2.0.2. In the meantime, you can get this to work by making a small modification in /bin/mi_base.py.
Line 117: should_execute = self.clusteringprecheck()
Replace this line with should_execute = True
Please do this only when you run dbx on a forwarder. This workaround has not been extensively tested either. This workaround should be used at your own risk.