I have a single search head and a single separate indexer. The app is installed on the search head and I have created a new index for the app on the indexer. So far I have been able to get a valid connection and can query the database using the dbxquery command.
However, I have not been able to get Splunk to index the data. I created a DB Input which has a valid connection and is using a query that shows the data from the database. I have tried a batch input as well as rising column, but neither log any data to the index.
Chris, as a best practice you should also be forwarding all logs from your Search Head to your indexer. See the following document:
When you run your sample query while setting up the input, do you return data?
Do you have an enterprise license installed?
Is your query set to run a certain schedule?
Have you looked at Splunk's _internal logs to see if anything is coming up related to when the query is scheduled to run?