All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB connect not loading data using Splunk_TA mcafee add on

RK_sp1unk
New Member
‎01-30-2020 03:42 AM

Issue:Splunk DB connect not loading data using Splunk_TA mcafee add on

connection:mcafee_epo_5_db

DB connect version:3.1

it connects to DB but no details are pulled from configured table

did searched index=mcafee sourcetype=mcafee:epo but no data ...how to resolve the same..

0 Karma
Reply

RK_sp1unk
New Member
‎02-10-2020 10:45 PM

we did test the DB connection is fine , also most of the queries are giving results but older results like of nov 2019 not of feb 2020

check point value is blank

also |tstats count where index=mcafee by sourcetype when i search this using normal search no results

also using the DB connect app no results

what needs to be checked else to resolve this issue

how can i check if there is a table permission issue , user says queries used to run and fetch the data automatically

connection is mcafee_epo_5_db

table name is "eP04_VAVSRV01"alt text

Preview file
1 KB
0 Karma
Reply

codebuilder
Influencer
‎02-10-2020 02:18 PM

Are you searching within the context of the dbconnect app, or from the more general search app context? Context makes a big difference when it comes to sourcetypes. If the latter, you'll have to update props.conf in the search app dir to include the sourcetype you're referencing.

e.g.
https://xx.xxx.xx.xx:8000/en-US/app/splunk_app_db_connect/search?q=search

vs
https://xx.xxx.xx.xx:8000/en-US/app/search/search?q=search?q=search

One easy method to verify sourcetypes within a index is to use the following:

|tstats count where index=mcafee by sourcetype
----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

adalbor
Builder
‎02-03-2020 12:54 PM

Have you tested your query in DB Connect to make sure it is correct?
If it doesn't return any results then you either have an issue with the query, permissions to the table, or the connection to the db.

0 Karma
Reply

RK_sp1unk
New Member
‎02-03-2020 09:28 PM

yes i have tested the connection to be fine , but for few tables the query is not fecthing any results for few tables it is not giving the latest details like for the last week also for last week we get no data
how can we check if the data is getting ingested

0 Karma
Reply

RK_sp1unk
New Member
‎02-02-2020 05:43 AM

it gives no results or data what next can be checked

0 Karma
Reply

RK_sp1unk
New Member
‎01-30-2020 06:11 AM

which logs and what exactly what you want me to check

0 Karma
Reply

adalbor
Builder
‎01-30-2020 06:18 AM

Well I would start by running a search index=_internal host=whateverhostrunsdbconnect log_level IN (WARN,ERROR)

0 Karma
Reply

adalbor
Builder
‎01-30-2020 06:08 AM

I would recommend you start by looking through your _internal logs for the host you have running DBConnect. Look for any specific errors related to your query or even the credentials you might be using to connect.

0 Karma
Reply

tomasmoser
Contributor
‎02-07-2020 11:45 AM

Check "Checkpoint Value" under DB Inputs & lower the value. I then started getting data.

0 Karma
Reply

RK_sp1unk
New Member
‎02-10-2020 07:48 AM

Any other scenarios we can check

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...