Why am I getting Splunk DB Connect ERROR Without E...

cdstealer · ‎04-05-2022

Hi, I'm getting these errors in splunkd.log each time the query is executed.

04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750 [metrics-logger-reporter-1-thread-1] INFO com.splunk.dbx.connector.health.impl.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/table;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds
04-05-2022 18:01:48.750 +0100 ERROR ExecProcessor [8917 ExecProcessorSchedulerThread] - message from "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/dbxquery.sh" 17:01:48.750  [metrics-logger-reporter-1-thread-1] INFO  c.s.d.c.h.i.ConnectionPoolMetricsLogReporter - type=TIMER, name=unnamed_pool_-382175356_jdbc__jtds__sqlserver__//servername__212/mantis;useCursors__true;domain__xxx.com;useNTLMv2__true.pool.Wait, count=12, min=0.120249, max=36.824436, mean=1.0705702234360484, stddev=0.028345392065423972, p50=1.06918, p75=1.06918, p95=1.06918, p98=1.06918, p99=1.06918, p999=1.648507, m1_rate=2.79081711035706E-30, m5_rate=1.1687825901066073E-8, m15_rate=2.6601992470705972E-5, mean_rate=5.566605761092861E-4, rate_unit=events/second, duration_unit=milliseconds

Unfortunately I can see nothing pertaining to what the actual error is. If I use SQL Explorer, I can connect and pull data back without issue. However, the data that is collected is very sporadic if at all.

We have a second DB connection running the same query etc without issue.

We're using Splunk 8.2.3.2 and db_connect 3.7.0

TIA

Steve

tscroggins · ‎04-17-2022

@cdstealer

This doesn't appear to be an issue with your configuration. Rather, it appears to be a bug in Splunk DB Connect's implementation of SLF4J logging.

The INFO messages are most likely being handled by the console and written to stderr. Anything written to stderr by a child process of splunkd will be logged to splunkd.log as an ERROR message.

If you have Splunk support you can report this as a defect in a new case.

cdstealer · ‎04-18-2022

Thanks @tscroggins I see there is an update to db connect. I will get that done and see what happens 🙂

joshiro · ‎10-18-2022

We are having the same issue on Splunk Enterprise 9.0.1 and DB Connect 3.7.0.
Have you managed to get it fixed?

cdstealer · ‎10-27-2022

Hi @joshiro, Apologies for the delay in replying. The issue looks to have stopped and I have my suspicions that something was changed on the DB server (quite recently) as nothing has changed from a Splunk POV.

What has changed I couldn't tell you. If I do uncover it, I'll update here.

The only thing I could suggest if updating your version of the app. I couldn't get 3.10 to work, so stuck with 3.9.0.

Sorry it's not a fix.

Steve

Why am I getting Splunk DB Connect ERROR Without Error?

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation