All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 2: How to only collect new rows since the last update?

arjangoos
Path Finder
‎10-29-2015 07:13 AM

In DB Connect, I only want to collect the new rows since the last update. Now each time it collects the last 1000 records because that is the Max Rows to Retrieve.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎10-30-2015 06:40 AM

This is generally done by using Rising Column. I see that you have configured BOTH tail_rising_column_name and tail_rising_column_number which may be your problem (if they are not the same and splunk is giving the wrong one precedence). I would delete one of those settings and make sure that the other one is correctly pointing to a value that rises with time (such as an epoch timestamp).

0 Karma
Reply

arjangoos
Path Finder
‎10-30-2015 01:35 AM

this is my inputs.conf

[mi_input://opentunnel_acc_metrics]
connection = opentunnel_acc
index = acc_opentunnel_db
interval = 150
max_rows = 10
mode = tail
output_timestamp_format = epoch
query = SELECT * FROM "OPENTUNNEL_RUNTIME"."METRICS"
source = /opt/splunk/var/log/splunk/acc_opentunnel_db.log
sourcetype = acc_opentunnel_db
tail_follow_only = 1
tail_rising_column_name = TUNNEL_ENTRY_TS
tail_rising_column_number = 1
ui_query_catalog = NULL
ui_query_mode = advanced
ui_query_schema = OPENTUNNEL_RUNTIME
ui_query_table = METRICS
tail_rising_column_checkpoint_value = 1443682436344
input_timestamp_column_name = TUNNEL_ENTRY_TS
input_timestamp_column_number = 17

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...