Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk DB Connect 2: How to troubleshoot error "Sc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk DB Connect 2: How to troubleshoot error "Script execution failed for external search command 'dbxquery'"
Error in 'script': Script execution failed for external search command 'dbxquery'
My Setup:
I just recently set up a local instance of Splunk Enterprise on my computer. Version: 6.4.1
I also just set up Splunk DB Connect 2 on this same computer. Version: 2.2.0
The server I'm connected to is an Oracle server and I have the most recent drivers (oracle/oracle_service): Version: 11.2
I get this error when I run one of my more lengthy queries against a server I'm connected to. I know the problem doesn't exist on the server end because the same query can be run from a non-local instance of Splunk with success. I also know it's not my connection or credentials because I can run other queries that are shorter without any problem. So it seems to me that there must be something wrong with some part of my settings/install/missing files. I've also tried changing the size allocated by the jvm settings.
If anyone can help me diagnose this that'd be great! Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you mean by "smaller"? If you mean that it works when you pull in a few results but fails when you try to pull in a larger set of results, then you are running into the fact that Splunk HARD-CODED an arbitrary limit into dbxquery.py. Here is another Q&A that shows how to bypass it:
https://answers.splunk.com/answers/233222/splunk-db-connect-2-dbxquery-only-returns-1001-row.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check the dbx2.log (not automatically splunked):
http://docs.splunk.com/Documentation/DBX/2.2.0/DeployDBX/Troubleshooting
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dbx2.log isn't recording anything about the long query I'm trying to run. Not an error. Not even an entry with a timestamp. However, when I run a smaller query it seems to be logging correctly.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
