
What's the correct way to get real-time continuous output using DB Connect v2?

AlgenolSupport
New Member

It looks like the smallest Execution Frequency allowed is 1 second, which is close enough for my purposes, but I keep getting duplicate results entered into the database. Is there something with the search term that needs to be specific? How does it know if it already output a specific event? I've been working on this for a while with no other options at this point. Thanks for anything that can point me in the right direction!

0 Karma

jcoates_splunk
Splunk Employee

Hi,

You'll need to use a tailing input and a rising column to prevent duplication. If you don't have a row id column to use, it will not be as good. Using timestamp as a rising column is less-than-ideal, but sadly common. It's less than ideal because of two big reasons:
1) daylight savings / timezones / epochal vs local
2) multiple events with same timestamp
If you don't care about or can guarantee that you will avoid both of those, proceed at will.
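The rising-column behaviour described in the answer above, as an added example that is not part of the original post and is not DB Connect's own code: a simplified checkpointed poll over an in-memory SQLite table. The `events` table, its columns, and the sample rows are constructed for illustration.

```python
import sqlite3

def tail(db, column, op, checkpoint):
    """One polling cycle: fetch rows whose rising column is past the checkpoint."""
    if column not in ("id", "ts") or op not in (">", ">="):
        raise ValueError("unsupported rising column or comparison")
    rows = db.execute(
        f"SELECT id, ts, msg FROM events WHERE {column} {op} ? ORDER BY {column}, id",
        (checkpoint,),
    ).fetchall()
    if rows:
        # Advance the checkpoint to the highest rising-column value just read
        checkpoint = rows[-1][0] if column == "id" else rows[-1][1]
    return rows, checkpoint

def run(column, start, op=">"):
    """Two polls over constructed data where two rows share one timestamp."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, msg TEXT)")
    seen, checkpoint = [], start
    # Before poll 1: a single row exists at 10:00:00
    db.execute("INSERT INTO events (ts, msg) VALUES ('2024-03-01 10:00:00', 'login a')")
    rows, checkpoint = tail(db, column, op, checkpoint)
    seen += rows
    # Between polls: a second row arrives with the SAME timestamp, then a later one
    db.execute("INSERT INTO events (ts, msg) VALUES ('2024-03-01 10:00:00', 'login b')")
    db.execute("INSERT INTO events (ts, msg) VALUES ('2024-03-01 10:00:01', 'logout a')")
    rows, checkpoint = tail(db, column, op, checkpoint)
    seen += rows
    return [r[2] for r in seen]

if __name__ == "__main__":
    print("row id, >  :", run("id", 0))          # every row exactly once
    print("timestamp, > :", run("ts", ""))       # 'login b' is never read
    print("timestamp, >=:", run("ts", "", ">=")) # 'login a' is read twice
```

With a timestamp as the rising column, a strict comparison silently drops the late row that shares a timestamp, and an inclusive comparison re-reads rows already ingested; only the row id gives each row exactly once.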

dwtung
Explorer

How do you set this up? I have the same issue. In the database table I am outputting to, I have _time, device_type and user_id columns. I only want 1 record per user_id and device_type, but the _time column is also unique.

Also, I tried putting a unique index on the DB table, but when it errors on insert it aborts the entire batch.

0 Karma

AlgenolSupport
New Member

I actually did not mean to mark this as accepted. My question was about real-time continuous OUTPUT. The answer provided looks to be for input from a DB.

0 Karma