All Apps and Add-ons

how to use DB CONNECT 2

Explorer

I have installed DB CONNECT 2 in splunk ,and completed the configuration of identity and connection ,after choosing a schema and table inputs ,I don't know how to search with db connect ,how to analysis the input table ,can somebody give some advice? thanks

Tags (1)

Esteemed Legend

Try this:

 |dbxquery connection=p11_inputs query="SELECT * FROM \"SYS\".\"DBA_LOBS\""

Or better yet, this:

 |dbxquery connection=p11_inputs query="SELECT * FROM SYS.DBA_LOBS"
0 Karma

Esteemed Legend

Did you watch the video that goes with it? The video is very step-by-step covering what to do once you get it installed. To get it installed, you need to install the app, install Java and install an appropriate driver for your DB. Then to get data you need to create an Identity (userID & PW) and a connection (IP & port plus an Identity). Click on "Advanced" and you should be able to send ad-hoc DB SQL commands. This is where you can explore your tablespaces, etc. Once you get that working, you access data in 1 of 3 modes depending on how you are using your data. It sounds like you need dbxquery which can be done like this:

| dbxquery connection=MyConnection query="Insert SQL here"

Explorer

when I use

|dbxquery connection=p11_inputs  query=SELECT * FROM "SYS"."DBA_LOBS" 

the error occurs ,have you seen it before ,thanks ,woodcock.

Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS" 
07-09-2015 12:03:14.770 INFO  dispatchRunner - initing LicenseMgr in search process: nonPro=1
07-09-2015 12:03:14.805 INFO  dispatchRunner - registering build time modules, count=0
07-09-2015 12:03:14.805 INFO  dispatchRunner - Splunkd starting (build 245427).
07-09-2015 12:03:14.805 INFO  dispatchRunner - System info: AIX, BWPRDCI, 1, 6, 00CF5AAF4C00.
07-09-2015 12:03:14.805 INFO  dispatchRunner - Detected 38 (virtual) CPUs and 88064MB RAM
07-09-2015 12:03:14.805 INFO  dispatchRunner - Maximum number of threads (approximate): 32767
07-09-2015 12:03:14.805 INFO  dispatchRunner - Arguments are: "search" "--id=1436410994.10705" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=0" "--lookups=1" "--reduce_freq=10" "--rf=*"
07-09-2015 12:03:14.805 INFO  dispatchRunner - Getting search configuration data from: /opt/splunk_install/splunk/etc/modules/parsing/config.xml
07-09-2015 12:03:14.858 INFO  BundlesSetup - Setup stats for /opt/splunk_install/splunk/etc: wallclock_elapsed_msec=246, cpu_time_used=0.245348, shared_services_generation=2, shared_services_population=1
07-09-2015 12:03:14.868 INFO  SessionManager - auth tokens will be generated with shpooling shared secret
07-09-2015 12:03:14.869 INFO  UserManager - Setting user context: splunk-system-user
07-09-2015 12:03:14.869 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:14.869 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO  UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO  UserManager - Setting user context: admin
07-09-2015 12:03:14.879 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:14.879 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.972 INFO  dispatchRunner - search context: user="admin", app="splunk_app_db_connect", bs-pathname="/opt/splunk_install/splunk/etc"
07-09-2015 12:03:15.012 INFO  IndexProcessor - Initializing: readonly=true reloading=false
07-09-2015 12:03:15.051 INFO  HotDBManager - idx=_audit Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.055 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.055 INFO  HotDBManager - idx=_blocksignature Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_internal Setting hot mgr params: maxHotSpanSecs=432000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_introspection Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1073741824 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_thefishbucket Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=524288000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=history Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=10485760 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=main Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=10 maxDataSizeBytes=10737418240 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO  HotDBManager - idx=summary Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.057 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO  IndexProcessor - Initializing indexes took usec=5960 reloading=false indexes_initialized=8
07-09-2015 12:03:15.057 INFO  SearchParser - PARSING: |dbxquery connection=p11_inputs  query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.157 INFO  ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
07-09-2015 12:03:15.197 INFO  UserManager - Setting user context: admin
07-09-2015 12:03:15.198 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:15.198 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.234 INFO  script - found script file=/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py
07-09-2015 12:03:15.235 INFO  script - stderr for script dbxquery will be added to search.log
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command.py", line 292, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      self.parser.parse(args, self)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command_internals.py", line 274, in parse
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      raise SyntaxError("Syntax error: %s" % ' '.join(argv))
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  SyntaxError: Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/__init__.py", line 226, in dispatch
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      command_class().process(argv, input_file, output_file)
0 Karma

Explorer

07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunkinstall/splunk/bin/python /opt/splunkinstall/splunk/etc/apps/splunkappdbconnect/bin/dbxquery.py _GETINFO__ connection=p11inputs query=SELECT * FROM "SYS"."DBALOBS"': File "/opt/splunkinstall/splunk/etc/apps/splunkappdbconnect/bin/splunksdk-1.2.3-py2.7.egg/splunklib/searchcommands/searchcommand.py", line 341, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunkinstall/splunk/bin/python /opt/splunkinstall/splunk/etc/apps/splunkappdbconnect/bin/dbxquery.py _GETINFO__ connection=p11inputs query=SELECT * FROM "SYS"."DBALOBS"': exit(1)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunkinstall/splunk/bin/python /opt/splunkinstall/splunk/etc/apps/splunkappdbconnect/bin/dbxquery.py _GETINFO__ connection=p11inputs query=SELECT * FROM "SYS"."DBALOBS"': SystemExit: 1
07-09-2015 12:03:15.672 ERROR script - Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11inputs query=SELECT * FROM "SYS"."DBALOBS"
07-09-2015 12:03:15.672 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Setting user context: admin
07-09-2015 12:03:15.794 INFO UserManager - Free version does not have user services
07-09-2015 12:03:15.794 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1436410994.10705', username='admin')
07-09-2015 12:03:15.795 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:16.094 INFO ShutdownHandler - Shutting down splunkd
07-09-2015 12:03:16.094 INFO ShutdownHandler - shutting down level "ShutdownLevelBegin"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
KVStore"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelThruput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
TcpInput1"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelTcpOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
UdpInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelFifoInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
WinEventLogInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelScheduler"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
Tailing"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelSyslogOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
HTTPOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelTailingXP"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
BatchReader"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelPeerManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
ArchiveAndOneshot"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelAuditTrailManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
AuditTrailQueueServiceThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelFSChangeMonitor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
FSChangeManagerProcessor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelHttpClientPollingThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
AsyncQueuedMessageDispatcherThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelOfflineFlusher"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel
Slave"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevelSlaveSearch"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel
Select"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelIdataDOCollector"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelDatabase1"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel
TcpInput2"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelLoadLDAPUsers"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel
MetricsManager"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelPipeline"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel
Queue"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelExec"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel
CallbackRunner"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevelHttpClient"
07-09-2015 12:03:16.096 INFO ShutdownHandler - Shutdown complete in 1636 microseconds
07-09-2015 12:03:16.101 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11
inputs query=SELECT * FROM "SYS"."DBA_LOBS"

0 Karma