Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk DB Connect upgrade: SQL Query for pulling O...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk DB Connect upgrade: SQL Query for pulling Oracle audit trails stopped working
After upgrading to DBX 3.1.1 from DBX 2.3.x My SQL query for pulling Oracle audit trails no longer works. I'm using a converted time stamp based off of the event time stamp for the rising column, and I've added in the additional WHERE statement to the query, per the guidelines. The query works in batch mode, but errors out when I select rising column. Any help would be greatly appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It turns out that I found a bug with support. They went back to the developers and we have a work around.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have the similar issue on DB Connect 2.4.x as well.
Could you please share the workaround?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So others might benefit, please share the workaround.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To work around the rising column issue non indexable columns need to be skipped in the sql query. (For me this was specifically for the audit trails on an Oracle Exadata). This was done by editing the sql queries manually in the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local directory in the db_inputs.conf file
Skipping columns causes a shift in the rising column index, so the checkpoint files need to be cleaned up as well. These files are under $SPLUNK_HOME/var/lib/splunk/modinputs/server/splunk_app_dbconnect
Note: Some of the above files and locations do NOT exist until the app is upgraded, and the migration completed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the error that I'm getting: java.sql.SQLException: Missing IN or OUT parameter at index:: 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any updates on the resolution please?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
