All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

When setting up the DB Connect App, does it have to be installed on the server where the search is executed as well as the indexer?

damucka
Builder
‎11-19-2018 01:03 AM

Hello,

A colleague, who is a Splunk admin in our company, installed the DB Connect App. Now, I would like to use it not only to create inputs and read from them but also for real time queries, which would produce tables that are directly consumable in my dashboard.

The point is that when I execute the dbxquery on the indexer, where the DB Conn App has been installed, all works fine. I can also open it in the search there.

But when I try to execute the dbxquery where I actually would like to, in the search server, I get the following error:

Search Factory: Unknown search command 'dbxquery'.

Also, the dbxquery command does not appear in blue there as on the indexer, which I guess means it is not recognized.

Could you please confirm, that the DB Conn App has to be installed also on the server where the search is executed? I mean not only on the indexer?

Kind Regards,
Kamil

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎11-19-2018 01:32 AM

Yes, you need to have dbconnect installed and configured with relevant identities and connections on the actual machine where you use the dbxquery command.

Typically you'd install it in two places:
- Heavy Forwarder for scheduled inputs that import data base content into Splunk
- Search Head(s) / Search Head Cluster for dbxquery command

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎11-19-2018 01:32 AM

Yes, you need to have dbconnect installed and configured with relevant identities and connections on the actual machine where you use the dbxquery command.

Typically you'd install it in two places:
- Heavy Forwarder for scheduled inputs that import data base content into Splunk
- Search Head(s) / Search Head Cluster for dbxquery command

0 Karma
Reply
Solved! Jump to solution

damucka
Builder
‎11-19-2018 04:46 AM

Hello Frank,

Thank you.
Is there any possibility to access the Indexer from the Search Head to execute the dbxquery?
My Splunk Admin colleague would not like to install the DB Conn App on the Search Head as there is no disk volume there for my data.

Also, if this is not possible, would it work when I define the Input on the Indexer and access it from the Search Head?

Kind regards,
Kamil

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎11-19-2018 04:51 AM

What exactly do you mean by "there is no disk volume there for my data"? What data? What search (incl. dbxquery) are you running exactly?

You could run DB Connect on a heavy forwarder, to periodically query the database and then forward the results to your indexer(s) for indexing. Then you can search that indexed data from your searchhead.

0 Karma
Reply
Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...