All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

_internal index not updating, once the Splunk DB Connect 3.1.4 is enabled in Splunk 7.1.1? is there any limitation?

vengat4043
Path Finder
‎04-15-2020 04:43 AM

Hi,

In our Production environment we have one Search head and two indexers, all the instance are running in Splunk Version 7.1.1. Recently we faced a issue in one of our indexer like DB_Inputs automatically removed from the Splunk DB Connect App 2.4.0 Version. As our Vendor suggested we upgraded the DB Connect APP to 3.1.4. But now we are facing a different issue, whenever the Splunk DB Connect app 3.1.4 is enabled the Internal logs are not updating? is there any limitation? kindly suggest?

0 Karma
Reply

codebuilder
Influencer
‎04-17-2020 08:58 AM

My guess is that you are trying to search the _internal index from within the DB Connect app context, which does not (generally) have permissions to do so.

Change your search context to the actual "search" app and it should work for you just fine. Enabling DB Connect does not cause the search head to stop forwarding internal logs.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-15-2020 07:24 AM

Hi,

On which instance DB connect in installed, Search Head OR Indexer? There are no such limitation that when you enable DB connect, splunk will stop generating/sending internal logs.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...