All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1

rapmancz
Explorer
‎02-01-2021 10:42 AM

Hello, I am getting "Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1."  for every search in Splunk DB connect app.  Already configured inputs are indexed, but when I try to run any searches by hand, I always get this failure. I can not also add any new input.

I am using Splunk DB connect 3.4.2 with MySQL database.  The data is indexed so I am sure the connection is working, I can also select image.png

Labels (1)
Labels
Tags (1)
0 Karma
Reply

David888
Engager
‎10-03-2024 01:51 PM

I had this issue today. I tried the few things suggested here. None fixed my problem. I looked in the _internal index for possible error messages. I found  "The certificate chain length (11) exceeds the maximum allowed length (10)"

I changed the limit to 15 and my issue was fixed. 
Under Configurations -> Setting  -> Query Server JVM Options 
I entered -Djdk.tls.maxCertificateChainLength=15

 

--Hope this helps 

0 Karma
Reply

thuhuongle
Explorer
‎09-16-2021 03:08 AM

Hi,
I have faces the same error with version 3.4.0. After verification installed drivers  (JDBC connetion and java home path). We did upgrade to 3.6.0 and restart Splunk. Problem resoved.

0 Karma
Reply

AshChakor
Path Finder
‎05-14-2021 06:16 AM

I am getting same error after upgrading  to Splunk 8.1.3 version. we don't have commands.conf under local. Any suggestions please? 

Thanks in advance!

0 Karma
Reply

rahmatn
Path Finder
‎05-18-2021 02:56 AM

Have you find it under default ? 

0 Karma
Reply

rahmatn
Path Finder
‎04-14-2021 01:51 AM

in my case just put "#" in front of

[dbxquery]

filename = java.path

in local/commands.conf

Reply

FreelanceRob
Engager
‎07-05-2022 01:15 AM

Solved! Thank you very much!

0 Karma
Reply

martaBenedetti
Path Finder
‎03-31-2022 05:48 AM

Same problem, worked for me!

Thanks a lot rahmatn!

0 Karma
Reply

resmungo
Explorer
‎06-17-2022 06:47 AM

Same here. Thank you!

0 Karma
Reply

hpbrand
Explorer
‎03-23-2021 07:19 AM

Hi, had the same problem.  After weeks of troubleshooting I found following entry under default/commands.conf

####### uncomment following lines to revert dbxquery to 3.2.0 version
# [dbxquery]
# run_in_preview = false
# filename = java.path
# chunked = true
# command.arg.1 = -Dlogback.configurationFile=../config/command_logback.xml
# command.arg.2 = -DDBX_COMMAND_LOG_LEVEL=INFO
# command.arg.3 = -cp
# command.arg.4 = ../jars/dbxquery.jar
# command.arg.5 = com.splunk.dbx.command.DbxQueryCommand

Gave it  a try and copied all over to local/commands.conf and it works.

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...