Splunk Enterprise Version 7.0 installed and Splunk DB Connect 3.1.0.19 installed. Same LDAP for the whole group. Some people can't access the X Query. will attach a screenshot. Error in DB XQuery command invalid in search command during setup
If you find error messages from the SID, like below in search.log, then you are hitting a known issue which can be worked around by
i) timezone reset to default ( Web UI > userName > settings ) OR
ii) Add shebang to command.sh - i.e below is for db connect running on linux system.
vi splunk_app_db_connect/linux_x86_64/bin/command.sh
#!/bin/bash <--- Add this to the 1st line of the file.
Error messages in search.log
10-02-2017 17:21:42.843 INFO ChunkedExternProcessor - Running process: /opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/command.sh -Dlogback.configurationFile=../config/command_logback.xml -DDBX_COMMAND_LOG_LEVEL=ERROR -cp ../jars/command.jar com.splunk.dbx.command.DbxQueryCommand
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Failure starting process
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.
If none of above are working then please open a support case with a diag which has dispatch directory of the SID for further investigation.
If you find error messages from the SID, like below in search.log, then you are hitting a known issue which can be worked around by
i) timezone reset to default ( Web UI > userName > settings ) OR
ii) Add shebang to command.sh - i.e below is for db connect running on linux system.
vi splunk_app_db_connect/linux_x86_64/bin/command.sh
#!/bin/bash <--- Add this to the 1st line of the file.
Error messages in search.log
10-02-2017 17:21:42.843 INFO ChunkedExternProcessor - Running process: /opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/command.sh -Dlogback.configurationFile=../config/command_logback.xml -DDBX_COMMAND_LOG_LEVEL=ERROR -cp ../jars/command.jar com.splunk.dbx.command.DbxQueryCommand
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Failure starting process
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.
If none of above are working then please open a support case with a diag which has dispatch directory of the SID for further investigation.
The fix is now available in Splunk DB Connect 3.1.3