All Apps and Add-ons

Why am I getting Splunk DB Connect ERROR Without Error?

cdstealer
Contributor

Hi,  I'm getting these errors in splunkd.log each time the query is executed.

04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750 [metrics-logger-reporter-1-thread-1] INFO com.splunk.dbx.connector.health.impl.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/table;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds
04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750  [metrics-logger-reporter-1-thread-1] INFO  c.s.d.c.h.i.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/mantis;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds

Unfortunately I can see nothing pertaining to what the actual error is.  If I use SQL Explorer, I can connect and pull data back without issue.  However, the data that is collected is very sporadic if at all.

We have a second DB connection running the same query etc without issue.

We're using Splunk 8.2.3.2 and db_connect 3.7.0

TIA

Steve

Labels (1)
0 Karma

tscroggins
Motivator

@cdstealer 

This doesn't appear to be an issue with your configuration. Rather, it appears to be a bug in Splunk DB Connect's implementation of SLF4J logging.

The INFO messages are most likely being handled by the console and written to stderr. Anything written to stderr by a child process of splunkd will be logged to splunkd.log as an ERROR message.

If you have Splunk support you can report this as a defect in a new case.

0 Karma

cdstealer
Contributor

Thanks @tscroggins I see there is an update to db connect.  I will get that done and see what happens 🙂

0 Karma

joshiro
Communicator

We are having the same issue on Splunk Enterprise 9.0.1 and DB Connect 3.7.0.
Have you managed to get it fixed?

0 Karma

cdstealer
Contributor

Hi @joshiro,  Apologies for the delay in replying.  The issue looks to have stopped and I have my suspicions that something was changed on the DB server (quite recently) as nothing has changed from a Splunk POV. 

What has changed I couldn't tell you.  If I do uncover it, I'll update here.

The only thing I could suggest if updating your version of the app.  I couldn't get 3.10 to work, so stuck with 3.9.0.

Sorry it's not a fix.

 

Steve

Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...