[Indexer_Name] Streamed search execute failed because: Error in 'script': Getinfo probe failed for external search command 'dbxquery'

ishaanshekhar
Communicator

I have SPLUNK 6.3 version and have 4 indexers in the cluster. I installed SPLUNK DB Connect v2 app on the standalone dev SH.

I added a DB connection in the app, which was successfully tested (showed schema names in the preview). Then, I gave read permission to "All Apps" for the SPLUNK DB Connect 2 app (using Manage Apps), the Identity (in DBconnect 2 app), and the DB Connection (in DBconnect 2 app).

However, when I run an ad hoc search query in the Search app, I get 4 errors, one for each of my 4 indexers.

I am wondering why the Search app is looking in my indexers. After all, it is an ad hoc db query.

P.S. The Splunk DB Connect 2 app is only installed in my standalone dev SH, not on the Indexers.

Please help!

Thanks
Ishaan

1 Solution

jcoates_splunk
Splunk Employee

per todd_miller, this is a newly introduced bug -- please open a support ticket so we can be sure to update you on the fix.

ishaanshekhar
Communicator

Thanks a lot, @jcoates_splunk !

I updated to 2.0.6 and it is working fine now 🙂

Regards,
Ishaan

0 Karma

jcoates_splunk
Splunk Employee

todd_miller
Communicator

I think a few people are getting this error (myself included) but just for due-diligence, please check your 'commands.conf' file in the DBXv2 "default" directory and make sure that local is set to true. I don't think it matters but it's still worth validating.

0 Karma

ishaanshekhar
Communicator

Not working; (It is set to true already).
$ pwd
SPLUNK_HOME/etc/apps/splunk_app_db_connect/default
$ cat commands.conf
[dbxquery]
filename = dbxquery.py
supports_getinfo = true
supports_rawargs = true
passauth = true
run_in_preview = false
local = true

Any other suggestion, please!

0 Karma
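
Added example, not part of the thread and not Splunk or DB Connect code: a small check of the effective `local` value for the `dbxquery` stanza when an app's `local/commands.conf` overrides its `default/commands.conf`. The temporary directory layout and the helper names are assumptions made for this example, and only the app's own two layers are merged.

```python
import os
import tempfile

# Constructed sample input: the default/commands.conf stanza quoted in the thread.
PAGE_DEFAULT = ("[dbxquery]\nfilename = dbxquery.py\nsupports_getinfo = true\n"
                "supports_rawargs = true\npassauth = true\n"
                "run_in_preview = false\nlocal = true\n")

def parse_conf(path):
    """Parse a Splunk-style .conf file into {stanza: {key: value}}."""
    stanzas, current = {}, None
    if not os.path.isfile(path):
        return stanzas
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                current = stanzas.setdefault(line[1:-1], {})
            elif "=" in line and current is not None:
                key, value = line.split("=", 1)
                current[key.strip()] = value.strip()
    return stanzas

def effective_local(app_dir, command="dbxquery"):
    """Return (search_head_only, layer) with local/ overriding default/."""
    value, layer = "false", "unset"  # an unset 'local' is treated as false
    for name in ("default", "local"):  # the later layer wins
        path = os.path.join(app_dir, name, "commands.conf")
        stanza = parse_conf(path).get(command, {})
        if "local" in stanza:
            value, layer = stanza["local"], name
    # Assumption: only "true" and "1" count as true in this example.
    return value.lower() in ("true", "1"), layer

def make_sample_app(local_conf=None):
    """Build a throwaway app directory (hypothetical layout for this example)."""
    app = tempfile.mkdtemp(prefix="dbx_sample_")
    for name, text in (("default", PAGE_DEFAULT), ("local", local_conf)):
        if text is not None:
            os.makedirs(os.path.join(app, name))
            target = os.path.join(app, name, "commands.conf")
            with open(target, "w", encoding="utf-8") as fh:
                fh.write(text)
    return app

if __name__ == "__main__":
    print(effective_local(make_sample_app()))
    print(effective_local(make_sample_app("[dbxquery]\nlocal = false\n")))
```

On a real installation, `splunk cmd btool commands list dbxquery --debug` shows the merged stanza across every configuration layer and names the file each setting comes from.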