I'm learning how to utilize the DB Connect process and I'm somewhat hung up on the "Rising Column". On each execution of this query, there will potentially be duplicate data which will already have been indexed and I want to avoid re-indexing the data.
What are the requirements for this column?
Quoting from the Splunk add on for DB connect manual
A rising input has a column that DB Connect uses to keep track of what rows are new from one input execution to the next. When you create a rising input type, you must specify the rising column. You can specify rising column as any column whose value increases or decreases over time, such as a timestamp or sequential ID. For example, you can use columns such as rowid, transactionid, employeeid, customerid, last_updated, and so on.
Note that timestamps are not ideal for rising columns, though they often are the best available choice. Using a timestamp for rising column can produce the following problem conditions: