All Apps and Add-ons

Help setting DB Connect input timestamp using yyyy-MM-dd HH:mm:ss.SSS format


I'm trying to work with a data input using DB Connect version 3.0 and I cannot get the below input to save using the field alias 'time' that using this format :

2020-03-21 00:11:12.387

Based off this article I added these configurations to my stanza to help DB Connect identify the correct timestamp format :

input_timestamp_format = yyyy-MM-dd HH:mm:ss.SSS
output_timestamp_format = yyyy-MM-dd HH:mm:ss.SSS

*The LogEntryId is my rising column and returns as column #1
*The time column/Timestamp returns as column #2

I've also uses the below Answers suggestion to try to resolve the NULL values possible issue :

connection = TestDB
description = Test Query
disabled = 0
index = main
interval = */5 * * * *
max_rows = 1000
mode = advanced
output_timestamp_format = yyyy-MM-dd HH:mm:ss.SSS
query = SELECT le.LogEntryId AS [LogEntryId]
, [Date] AS [time]
, l.[Name] AS [Level]
, at.Name AS [Application Source]
, le.Logger AS [Logger]
, le.[Message] AS [Message]
, COALESCE(le.FullMessage, 'NA') AS [FullMessage]
, COALESCE(le.Exception, 'NA') AS [Exception]
, COALESCE(le.FullException, 'NA') AS [Full Exception]
FROM "Logging"."dbo"."LogEntry" le
JOIN "Logging"."dbo"."LevelType" l
ON l.LevelTypeId = le.LevelTypeId
JOIN "Logging"."dbo"."ApplicationSourceType" at
ON at.ApplicationSourceTypeId = le.ApplicationSourceTypeId
WHERE le.LogEntryId > '?'
AND le.LevelTypeId IN (3,4,5) -- WARN, ERROR, FATAL
AND at.[Name] != ''
ORDER BY le.LogEntryId DESC;
sourcetype = Test
tail_rising_column_number = 1
input_timestamp_column_number = 2
input_timestamp_format = yyyy-MM-dd HH:mm:ss.SSS
index_time_mode = dbColumn

0 Karma


alt text
Here's the error I'm getting when trying to save the data input configuration even though I can return events when executing the query

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...