All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using Splunk DB Connect 2 in a search head cluster, should database inputs originally set on the deployer be set to disabled or enabled?

sim_tcr
Communicator
‎11-26-2015 02:02 AM

Hello,

We are using Splunk DB Connect 2 in a search head clustering environment.
Whenever we have to set up a new database input, we set up the input on the DBX2 app on the deployer (separate Splunk instance from search heads) and then do cp -rf /apps/splunk/etc/apps/splunk_app_db_connect /apps/splunk/etc/shcluster/apps
and run splunk apply shcluster-bundle -target https://nameofonesoftheearchheadclustermember:port. It gets pushed out to all search head cluster members, but the input actually runs on the captain only.

Question is, should the input we originally set on the deployer be set to disabled or left in an enabled state?

If we leave it enabled - won't the input run from two places and create issues?
If we leave it disabled - next time when there is a need to set up a new input, before pushing the new input to search heads, we have to enable all previous inputs, else all the previous inputs go to disabled state on search heads.

On a side note: Does any one have issues deleing an existing input created on the DB Connect 2 app from the GUI? I tried, but it simply wont go away, and I have deleted it from the inputs.conf.

Thanks,
Simon Mandy

Reply

stanwin
Contributor
‎01-16-2017 02:46 AM

So i think it can be enabled and deployed to all the members.

In a search head cluster, DB Connect is deployed to all cluster members, but only runs on the search head cluster captain.

http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Distributeddeployment#Search_head_clusters

0 Karma
Reply

jayannah
Builder
‎12-18-2015 01:59 PM

You disable at App level instead of individual inputs.

If we leave it disabled - next time when there is a need to set up a new input, before pushing the new input to search heads, we have to enable all previous inputs, else all the previous inputs go to disabled state on search heads.

I was able to delete the inputs successfully.

does any one have issues deleing an existing input created on the DB Connect 2 app from the GUI?

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...