All Apps and Add-ons
Highlighted

Splunk DB Connect: Help with DBConnector search error

Engager

This is for McAfee EPO Data Loss Prevention events.

I have one connector to our McAfee EPO for the EPOEvents table using Input type Rising, no errors. Using AutoID as a rising column.

SELECT * FROM (
SELECT 
(myquery)
where AutoID > ?
ORDER BY AutoID asc

When I create another connection to another table for DLP events and use the search, I get the error:
"java.sql.SQLException: Parameter #1 has not been set." using IncidentId as a rising column.

SELECT * FROM (
SELECT 
(myquery)
where IncidentId > ?
ORDER BY IncidentId asc

It gives me the error message when I use the following line, where IncidentId > ?.
Is it better not to use a sub-search?
Any help appreciated.

0 Karma
Highlighted

Re: Splunk DB Connect: Help with DBConnector search error

Have you tried the following?
Leave out line 4 and specify the rising column under: Operations - DB Inputs - [your input] - Set Parameters

0 Karma
Highlighted

Re: Splunk DB Connect: Help with DBConnector search error

Engager

I cannot find Operations - DB Inputs - [your input] - Set Parameters.
I go to Data Lab , select my connection, and enter my query in the sql editor.
I've tried adding IncidentId as my RisingColumn, but to no avail.
it runs without "where IncidentId > ?". When I do add this line, I get "java.sql.SQLException: Parameter #1 has not been set."