All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DB Connect opens a lot of DB connections

aecruzp
Path Finder
‎01-23-2018 08:43 AM

Good afternoon
We currently have a database connection called ENIQ, this does not index data in the indexer, it makes queries directly to the server.
For them there are many queries like the following:
example:

| dbxquery connection = ENIQ query = "SELECT CONVERT (char (23), DATETIME_ID, 121) as 'Date_hour', round (sum (ggsnDownlinkBytes * 😎 / (900 * 1000 * 1000), 2) as Downlink_Total, round (sum ( ggsnUplinkBytes * 😎 / (900 * 1000 * 1000), 2) as Uplink_Total from DC_E_GGSN_GGSN_RAW where datepart (dy, DATETIME_ID)> datepart (dy, getdate ()) - 3 and (GGSN = 'SAGG07' or GGSN = 'SAGG08' ) 

Reviewing DBX - Connection Health - Connections, we have a total of 10,000 to 20,000 daily connections of this type as there are panels that are constantly monitored and re searches refresh every 5 to 15 minutes.

They inform us that from the source server, the connections are not closed, they are stuck and this has caused multiple drops in the database server.

According to the official documentation http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/Troubleshooting
it is required to modify the db_connections.conf, the following parameters were added to the connection:

maxConnLifetimeMillis = 1800000
maxTotalConn = 8

but it seems that these configurations will only be applied to dbquerys stored using cron, and these queries are in many dashboard querying directly since they have been defined in that way without using a collect to not consume license.

Is there any recommendation to force the closure of these dbquerys ?, this connection is using version 16 sybase and connector version 7

Evidence of results will be attached per day of ENIQ connection and details of connections from source.
alt text

alt text

Tags (1)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

vchitlur
New Member
‎05-10-2018 08:55 AM

Hi,
I am also facing the problem with the database=hive2. creating a lot of connections.

Kindly have any suggestions on it.

0 Karma
Reply

efaundez
Path Finder
‎05-10-2018 09:16 AM

Hi.

   According to the documentation delivered by splunk support, http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/Troubleshooting, does not apply to my case, because the connections to the database were dbxquerys and they are not can be administered by the splunk_db_connect app. Review the official account if there is any parameter that will help you in your problem:

http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/database_typesspec

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...