Installed Splunk DB Connect 2 with Splunk Enterprise on the server with the search head, configured and attached to 2 different databases. I created two DB Inputs which populated the target index, but now, whenever I access one of the DB Inputs in the GUI, I get an error while validating the connection. The errors that display are "splunkd timeout" followed by "internal server error". In the dbx2.log I see the following entries:
09-04-2015 19:50:26.286 +0000 WARN TransformsExtractionHandler - Unable to find stanza=guid_lookup.csv in lookups.conf, cannot enumerate fields list
09-04-2015 19:50:26.287 +0000 WARN TransformsExtractionHandler - Unable to find stanza=sid_lookup.csv in lookups.conf, cannot enumerate fields list
09-04-2015 19:50:58.751 +0000 WARN HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/nobody/splunk_app_db_connect/db_connect/connections/-/status: Broken pipe
09-04-2015 19:51:05.889 +0000 WARN HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/admin/-/db_connect/explore/B92FBDO: Broken pipe
09-04-2015 19:51:05.923 +0000 WARN HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/admin/-/db_connect/explore/B92FBDO/NULL: Broken pipe
09-04-2015 19:51:05.973 +0000 WARN HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/admin/-/db_connect/explore/B92FBDO/NULL/undefined: Broken pipe
09-04-2015 19:51:51.274 +0000 ERROR HttpListener - Exception while processing request from 135.28.59.143 for /en-US/custom/splunk_app_db_connect/proxy/servicesNS/admin/-/db_connect/explore/B92FBDO?output_mode=json&count=-1&_=1441396220720: Connection closed by peer
09-04-2015 19:51:51.276 +0000 ERROR HttpListener - Handler for /en-US/custom/splunk_app_db_connect/proxy/servicesNS/admin/-/db_connect/explore/B92FBDO?output_mode=json&count=-1&_=1441396220720 sent a 0 byte response after earlier claiming a Content-Length of 216!
Didn't find anything in Answers that fit this situation. Am at a loss as to what is causing this and how to fix it. Any suggestions/help would be appreciated.
thanks
I resolved this current issue by reverting to the DBConnect V1 version. The issue doesn't appear to be occurring with that version.
Initially everything worked, then it stopped. The error for me is undefined database. Splunkd keeps timing out.
Seems to be a problem for me only on a server. My local machine connects just fine.
You could start with the troubleshooting guide. http://docs.splunk.com/Documentation/DBX/2.0.4/DeployDBX/Troubleshooting
guid_lookup.csv is a stanza in the transforms, never heard of a lookups.conf, not in DBX2 deployment on my machine. But this may not be related to your main issue.
The socket errors look like errors seen elsewhere if the application tries to allocate a port that is already used. Or it may be trying to use a port that was not established properly. Not much to go on, but a start.
It may be worth validating that the SQL connection and SQL query are valid for B92FBDO.