All Apps and Add-ons

Why am I getting Splunk DB Connect ERROR Without Error?

cdstealer
Contributor

Hi,  I'm getting these errors in splunkd.log each time the query is executed.

04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750 [metrics-logger-reporter-1-thread-1] INFO com.splunk.dbx.connector.health.impl.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/table;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds
04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750  [metrics-logger-reporter-1-thread-1] INFO  c.s.d.c.h.i.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/mantis;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds

Unfortunately I can see nothing pertaining to what the actual error is.  If I use SQL Explorer, I can connect and pull data back without issue.  However, the data that is collected is very sporadic if at all.

We have a second DB connection running the same query etc without issue.

We're using Splunk 8.2.3.2 and db_connect 3.7.0

TIA

Steve

Labels (1)
0 Karma

tscroggins
Motivator

@cdstealer 

This doesn't appear to be an issue with your configuration. Rather, it appears to be a bug in Splunk DB Connect's implementation of SLF4J logging.

The INFO messages are most likely being handled by the console and written to stderr. Anything written to stderr by a child process of splunkd will be logged to splunkd.log as an ERROR message.

If you have Splunk support you can report this as a defect in a new case.

0 Karma

cdstealer
Contributor

Thanks @tscroggins I see there is an update to db connect.  I will get that done and see what happens 🙂

0 Karma

joshiro
Communicator

We are having the same issue on Splunk Enterprise 9.0.1 and DB Connect 3.7.0.
Have you managed to get it fixed?

0 Karma

cdstealer
Contributor

Hi @joshiro,  Apologies for the delay in replying.  The issue looks to have stopped and I have my suspicions that something was changed on the DB server (quite recently) as nothing has changed from a Splunk POV. 

What has changed I couldn't tell you.  If I do uncover it, I'll update here.

The only thing I could suggest if updating your version of the app.  I couldn't get 3.10 to work, so stuck with 3.9.0.

Sorry it's not a fix.

 

Steve

Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...