Splunk DB Connect: What does the "host" field mean in dbmon-dump stanza?

caagrawal
New Member

I am studying our Splunk configuration and I found the following stanza on our Splunk indexer. Can you please help me understand what the host field indicates here? Note that the 'host' value is different from the indexer. It's the value of one of the hosts in the same subnet as the universal forwarder. Also, we have all DB details in database.conf under /etc/apps/dbx/local/

[dbmon-dump://MYDB/MySearch]
host = xxx.yyyyy.zzz.com
index = main
output.format = kv
output.timestamp = 1
sourcetype = mysourcetype
table = MYUSER.MYTABLE
interval = 3600

Does that mean the dbmon-dump query will actually run on 'host'? Who will run that? Splunk Forwarder on 'host'?

0 Karma

somesoni2
Revered Legend

The dbmon dump will run on the Indexer (the server which has the configuration inputs.conf), execute the query you specified, attach the host metadata field with the value specified in the configuration inputs.conf, and store the result in Splunk. You're basically overriding the host name, which will default to the server (indexer here) where the dbmon query is running. In general, the host name you specified will be the name of the database server.

0 Karma
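
As an added illustration (not part of the original posts and not Splunk's own code), the following script audits an inputs.conf for dbmon stanzas and reports, per stanza, the server that executes the query and the `host` value its events will carry, which matters when an analyst reads `host` as the origin of the data. The sample text, the `indexer01.example.com` name, the function name and the `dbmon-` prefix match are assumptions made for the example.

```python
import configparser

# Constructed sample: the stanza from the question, a second dbmon stanza with
# no "host" key, and an unrelated input that must be ignored.
SAMPLE_INPUTS_CONF = """\
[dbmon-dump://MYDB/MySearch]
host = xxx.yyyyy.zzz.com
index = main
output.format = kv
output.timestamp = 1
sourcetype = mysourcetype
table = MYUSER.MYTABLE
interval = 3600

[dbmon-dump://MYDB/NoOverride]
index = main
sourcetype = mysourcetype
table = MYUSER.OTHERTABLE
interval = 3600

[monitor:///var/log/messages]
host = other.example.com
"""


def audit_dbmon_hosts(conf_text, executing_server):
    """For each dbmon stanza, report where the query runs and which host
    value its events will carry (hypothetical helper for this example)."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    report = []
    for stanza in parser.sections():
        if not stanza.startswith("dbmon-"):  # assumption: only dbmon inputs matter here
            continue
        override = parser.get(stanza, "host", fallback="").strip()
        report.append({
            "stanza": stanza,
            "query_runs_on": executing_server,  # the server holding inputs.conf
            "event_host": override or executing_server,  # label stored with events
            "host_overridden": bool(override) and override != executing_server,
        })
    return report


if __name__ == "__main__":
    for row in audit_dbmon_hosts(SAMPLE_INPUTS_CONF, "indexer01.example.com"):
        print(row)
```
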