All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1

rapmancz
Explorer
‎02-01-2021 10:42 AM

Hello, I am getting "Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1."  for every search in Splunk DB connect app.  Already configured inputs are indexed, but when I try to run any searches by hand, I always get this failure. I can not also add any new input.

I am using Splunk DB connect 3.4.2 with MySQL database.  The data is indexed so I am sure the connection is working, I can also select image.png

Labels (1)
Labels
Tags (1)
0 Karma
Reply

David888
Engager
‎10-03-2024 01:51 PM

I had this issue today. I tried the few things suggested here. None fixed my problem. I looked in the _internal index for possible error messages. I found  "The certificate chain length (11) exceeds the maximum allowed length (10)"

I changed the limit to 15 and my issue was fixed. 
Under Configurations -> Setting  -> Query Server JVM Options 
I entered -Djdk.tls.maxCertificateChainLength=15

 

--Hope this helps 

0 Karma
Reply

thuhuongle
Explorer
‎09-16-2021 03:08 AM

Hi,
I have faces the same error with version 3.4.0. After verification installed drivers  (JDBC connetion and java home path). We did upgrade to 3.6.0 and restart Splunk. Problem resoved.

0 Karma
Reply

AshChakor
Path Finder
‎05-14-2021 06:16 AM

I am getting same error after upgrading  to Splunk 8.1.3 version. we don't have commands.conf under local. Any suggestions please? 

Thanks in advance!

0 Karma
Reply

rahmatn
Path Finder
‎05-18-2021 02:56 AM

Have you find it under default ? 

0 Karma
Reply

rahmatn
Path Finder
‎04-14-2021 01:51 AM

in my case just put "#" in front of

[dbxquery]

filename = java.path

in local/commands.conf

Reply

FreelanceRob
Engager
‎07-05-2022 01:15 AM

Solved! Thank you very much!

0 Karma
Reply

martaBenedetti
Path Finder
‎03-31-2022 05:48 AM

Same problem, worked for me!

Thanks a lot rahmatn!

0 Karma
Reply

resmungo
Explorer
‎06-17-2022 06:47 AM

Same here. Thank you!

0 Karma
Reply

hpbrand
Explorer
‎03-23-2021 07:19 AM

Hi, had the same problem.  After weeks of troubleshooting I found following entry under default/commands.conf

####### uncomment following lines to revert dbxquery to 3.2.0 version
# [dbxquery]
# run_in_preview = false
# filename = java.path
# chunked = true
# command.arg.1 = -Dlogback.configurationFile=../config/command_logback.xml
# command.arg.2 = -DDBX_COMMAND_LOG_LEVEL=INFO
# command.arg.3 = -cp
# command.arg.4 = ../jars/dbxquery.jar
# command.arg.5 = com.splunk.dbx.command.DbxQueryCommand

Gave it  a try and copied all over to local/commands.conf and it works.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...