All Apps and Add-ons

Why does the database tag return nothing with Splunk ITSI when using Splunk Add-on for SQL Server?

Kendo213
Communicator

I have the Splunk Addon for SQL Server installed on some SQL servers and search heads. We have active SQL servers sending in data, however none of it is being tagged as database by Splunk ITSI / the TA. Because of this, none of the default built-in KPIs for database are working in ITSI (tag=database returns nothing).

Any ideas?

1 Solution

skoelpin
SplunkTrust
SplunkTrust

The short answer is, you should not use the out-of-box database service. A few reasons for this is, you can't modify any of the KPI's, it's default to run every minute, and it depends on tags to get its data which in-turn has higher performance issues. A better solution would be to clone that service and add new searches that don't rely on tags.

If you were 100% committed to using the out-of-box services, you could tag your events on the forwarder so the out-of-box KPI's will populate

View solution in original post

0 Karma

skoelpin
SplunkTrust
SplunkTrust

The short answer is, you should not use the out-of-box database service. A few reasons for this is, you can't modify any of the KPI's, it's default to run every minute, and it depends on tags to get its data which in-turn has higher performance issues. A better solution would be to clone that service and add new searches that don't rely on tags.

If you were 100% committed to using the out-of-box services, you could tag your events on the forwarder so the out-of-box KPI's will populate

View solution in original post

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!