All Apps and Add-ons

Splunk DB Connect: Help with DBConnector search error

mbxray
Engager

This is for McAfee EPO Data Loss Prevention events.

I have one connector to our McAfee EPO for the EPOEvents table using Input type Rising, no errors. Using AutoID as a rising column.

SELECT * FROM (
SELECT 
(myquery)
where AutoID > ?
ORDER BY AutoID asc

When I create another connection to another table for DLP events and use the search, I get the error:
"java.sql.SQLException: Parameter #1 has not been set." using IncidentId as a rising column.

SELECT * FROM (
SELECT 
(myquery)
where IncidentId > ?
ORDER BY IncidentId asc

It gives me the error message when I use the following line, where IncidentId > ?.
Is it better not to use a sub-search?
Any help appreciated.

0 Karma

sanderdenheijer
Explorer

Have you tried the following?
Leave out line 4 and specify the rising column under: Operations - DB Inputs - [your input] - Set Parameters

0 Karma

mbxray
Engager

I cannot find Operations - DB Inputs - [your input] - Set Parameters.
I go to Data Lab , select my connection, and enter my query in the sql editor.
I've tried adding IncidentId as my RisingColumn, but to no avail.
it runs without "where IncidentId > ?". When I do add this line, I get "java.sql.SQLException: Parameter #1 has not been set."

Get Updates on the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...