Re: SPLUNK DB Connect Restart Issue

Amirahussein · ‎11-18-2019

Dears
I have an urgent Question regarding SPLUNK DB Connect module

we have SPLUNK DB connect module installed on a standalone Virtual machine, we restarted SPLUNK service on this VM. After restarting the service we found that some inputs stopped getting data automatically and stopped showing data on SPLUNK search-head machine however when running the query from SQL Editor we found data.
There are more than one input assigned to 1 connection, some of them are working normally and the others are stopped as mentioned above

we applied below mentioned work around separately:
1. We tried to run the query once manually in SPLUNK search using dbxquery and returns data, after that the inputs started to get data again every 5 minutes as it was saved and working automatically.
2. We created new connection (copy from the existing one) to this input and the input worked again automatically.
3. We changed the execution frequency from crontab to number of seconds. (instead of: */5 * * * * to: 300) and vice versa after it stopped again

each solution work temporary for a while and the inputs stopped again.

harsmarvania57 · ‎11-18-2019

Hi,

Have you looked at DB connect logs ? You can start with splunk query index=_internal host=DB_CONNECT_SERVER sourcetype IN(dbx_server,dbx_audit) and check logs whether query is failing or it is not running at all at scheduled interval ?

SPLUNK DB Connect Restart Issue

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor