All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How do I configure DB Connect to Forward Events

jakesony
Explorer
‎06-20-2013 06:04 PM

Hi,

I'm sure there is an easy answer to this. I have installed DB Connect on a search head and have it configured to watch a particular table. Setup saves without errors and I can see that the polling is active in dbx.log

I want to forward the events that DBC is picking up to my indexers. How do I do that? I don't want the search head to index the events itself, I just want to forward them on.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-20-2013 10:48 PM

You need to configure an outputs.conf on your machine to forward to the indexers. Once you have an outputs.conf set up correctly, the instance will forward accordingly. It's okay to do this on a search head if load is light, but I would suggest you consider having a dedicated Splunk forwarder instance instead for collecting the data and then forwarding it.

(Do not simply enable your search head with the Forwarder or LightForwarder app. This will let you collect and forward data, yes, but it will also do things like disable the GUI that you would not want to happen on a search head.)

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-20-2013 10:48 PM

You need to configure an outputs.conf on your machine to forward to the indexers. Once you have an outputs.conf set up correctly, the instance will forward accordingly. It's okay to do this on a search head if load is light, but I would suggest you consider having a dedicated Splunk forwarder instance instead for collecting the data and then forwarding it.

(Do not simply enable your search head with the Forwarder or LightForwarder app. This will let you collect and forward data, yes, but it will also do things like disable the GUI that you would not want to happen on a search head.)

Reply
Solved! Jump to solution

jakesony
Explorer
‎06-21-2013 11:38 AM

Thank you. Works. I had only configured UFs before, so I was unsure what to do configuring the search head to forward.

0 Karma
Reply
Solved! Jump to solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎06-20-2013 06:14 PM

Hi. It depends how you want to use the data... For instance, if you want it to be a lookup, you could outputlookup and then let Splunk take care of the rest.

0 Karma
Reply
Solved! Jump to solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎06-20-2013 09:08 PM

I see. You need to configure an input then, http://docs.splunk.com/Documentation/DBX/1.0.10/DeployDBX/inputsspec

0 Karma
Reply
Solved! Jump to solution

jakesony
Explorer
‎06-20-2013 08:22 PM

The data that I'm trying to extract from the DB is log data. I would like to see when I search in Splunk just like other events that I'm indexing.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...