All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I start a new Splunk DB Connect 2 input without getting all the rows initially?

mfscully
Explorer
‎12-16-2015 02:41 PM

I want to start a new DB Connect input for a table that has two months of data. I only want to grab the last day initially when I set up the new DB Connect input. Where do I set the initial rising setting?

0 Karma
Reply

igritsak
Engager
‎10-12-2016 08:04 AM

I just did the same process with DB Connect v2. I was migrating from DB Connect v1 (DBX) to the new app but already had 50K+ rows in Splunk.

From the Splunk docs here's the particular line:

A checkpoint value: The checkpoint value is how DB Connect determines what rows are new from one input execution to the next. The first time the input is run, DB Connect will only select those rows that contain a higher value in the checkpoint column than the checkpoint value you specify. Each time the input is finished running, DB Connect updates the input's checkpoint value with the value in the last row of the checkpoint column.

http://docs.splunk.com/Documentation/DBX/2.3.1/DeployDBX/Createandmanagedatabaseinputs

So in my case, I entered the highest value that Splunk already had indexed after I turned off the DB Connect v1 plugin.

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎12-16-2015 06:45 PM

In DBX V2, there appears to be a "Checkpoint Value" in the section "Specify Rising Column" in the docs here. I don't have DBX2 available at the moment to confirm, but it seems likely that should do what you want.

You might also be able to use a custom SQL query - I think DB connect v2 does it like DB connect V1, so you could see the answer here on some ways to adjust the SQL to make it do what you want.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-16-2015 06:44 PM

It looks like there is a setting for MAX_ROWS or max_rows in one of the configuration files.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...