All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I configure DB Connect Outputs to send data from a search head?

vxb4892
Engager
‎12-31-2018 10:08 AM

I currently have a connection set up from my Splunk search head(SH) in DB Connect to an external database where I'm trying to export the results of a Splunk search. The search works correctlyd. I have both read and write permissions to the relevant database and the target tables, my fields are mapped correctly, and I'm not seeing any errors in my internal db logs. The issue is, however, that despite everything appearing to work on the surface, I'm not seeing any data appear in the DB table as expected.

The data source for the search is indexed via an Http Event Collector connection. The goal is to take this indexed data, perform some aggregate calculations, and then export the result to another Database. I am able to access this index through my SH, but not through my Heavy Forwarder(HF). How can I get this data exported to this database? If it's not possible directly from the SH, then is there a way for me to first send the data to the HF and then establish a DB Connect connection from there?

Any and all help would be much appreciated!

0 Karma
Reply

scc00
Contributor
‎01-14-2019 12:55 PM

How is it configured currently within the SH? Do you have DBConnect installed there? How have you set it up to be forwarded?

0 Karma
Reply

woodcock
Esteemed Legend
‎01-09-2019 05:04 PM

What version of dbconnect are you using? What is your search SPL (or at least the last 2 pipes of it)?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-10-2019 04:46 AM

Have you looked at the search log (via Job Inspector) to see what errors, if any, are reported?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...