All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Using Splunk DB Connect 2 in a search head cluster, should database inputs originally set on the deployer be set to disabled or enabled?

sim_tcr
Communicator
‎11-26-2015 02:02 AM

Hello,

We are using Splunk DB Connect 2 in a search head clustering environment.
Whenever we have to set up a new database input, we set up the input on the DBX2 app on the deployer (separate Splunk instance from search heads) and then do cp -rf /apps/splunk/etc/apps/splunk_app_db_connect /apps/splunk/etc/shcluster/apps
and run splunk apply shcluster-bundle -target https://nameofonesoftheearchheadclustermember:port. It gets pushed out to all search head cluster members, but the input actually runs on the captain only.

Question is, should the input we originally set on the deployer be set to disabled or left in an enabled state?

If we leave it enabled - won't the input run from two places and create issues?
If we leave it disabled - next time when there is a need to set up a new input, before pushing the new input to search heads, we have to enable all previous inputs, else all the previous inputs go to disabled state on search heads.

On a side note: Does any one have issues deleing an existing input created on the DB Connect 2 app from the GUI? I tried, but it simply wont go away, and I have deleted it from the inputs.conf.

Thanks,
Simon Mandy

Reply

stanwin
Contributor
‎01-16-2017 02:46 AM

So i think it can be enabled and deployed to all the members.

In a search head cluster, DB Connect is deployed to all cluster members, but only runs on the search head cluster captain.

http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Distributeddeployment#Search_head_clusters

0 Karma
Reply

jayannah
Builder
‎12-18-2015 01:59 PM

You disable at App level instead of individual inputs.

If we leave it disabled - next time when there is a need to set up a new input, before pushing the new input to search heads, we have to enable all previous inputs, else all the previous inputs go to disabled state on search heads.

I was able to delete the inputs successfully.

does any one have issues deleing an existing input created on the DB Connect 2 app from the GUI?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...