Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Why does Splunk DB Connect not forward any eve...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I had 1 search head (SH) on which i installed Splunk DB connect everything was working fine.
Recently, i added 2 more SH and put them in a cluster mode.
However, i used the deployer to install Splunk DB Connect on the 2 other SH but since then db connect doesn't forward any data to the indexer cluster. The last event i have is the one sent with the Stand alone SH
I checked that my index is created also that the connection is fine.
Here is log that i have:
2017-05-24T05:01:29+0200 [INFO] [mi_base.py], line 188: action=caught_exception_in_modular_input_with_retries modular_input=mi_input://answers-oab retrying="6 of 6" error=Request failed: Session is not logged in. Traceback (most recent call last): File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/mi_base.py", line 177, in run should_execute = runner.pre_run() File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/mi_base.py", line 107, in pre_run should_execute = self.clustering_precheck() File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/mi_base.py", line 92, in clustering_precheck is_clustering_enabled = shc_cluster_config.is_clustering_enabled() File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/shc_cluster_config.py", line 17, in is_clustering_enabled mode = self.content['mode']
I added an outputs.conf on the SH but it doesn't work.
I'm really stuck with this!
Thanks for your help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I could resolve the error by running the DB input script on the Search head captain.
If you install DB connect in a SH cluster, run your scripts from the captain only.
It's recommanded if you have a large amount of data in your DB connect to use a heavy forwarder instance to manage it.
Hope that helps guys.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I could resolve the error by running the DB input script on the Search head captain.
If you install DB connect in a SH cluster, run your scripts from the captain only.
It's recommanded if you have a large amount of data in your DB connect to use a heavy forwarder instance to manage it.
Hope that helps guys.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Gomelsar - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". Thanks!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
