All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

_internal index not updating, once the Splunk DB Connect 3.1.4 is enabled in Splunk 7.1.1? is there any limitation?

vengat4043
Path Finder
‎04-15-2020 04:43 AM

Hi,

In our Production environment we have one Search head and two indexers, all the instance are running in Splunk Version 7.1.1. Recently we faced a issue in one of our indexer like DB_Inputs automatically removed from the Splunk DB Connect App 2.4.0 Version. As our Vendor suggested we upgraded the DB Connect APP to 3.1.4. But now we are facing a different issue, whenever the Splunk DB Connect app 3.1.4 is enabled the Internal logs are not updating? is there any limitation? kindly suggest?

0 Karma
Reply

codebuilder
Influencer
‎04-17-2020 08:58 AM

My guess is that you are trying to search the _internal index from within the DB Connect app context, which does not (generally) have permissions to do so.

Change your search context to the actual "search" app and it should work for you just fine. Enabling DB Connect does not cause the search head to stop forwarding internal logs.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-15-2020 07:24 AM

Hi,

On which instance DB connect in installed, Search Head OR Indexer? There are no such limitation that when you enable DB connect, splunk will stop generating/sending internal logs.

0 Karma
Reply
Get Updates on the Splunk Community!

Fall Into Learning with New Splunk Education Courses

Every month, Splunk Education releases new courses to help you branch out, strengthen your data science roots, ...

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

By Martin Hettervik, Senior Consultant and Team Leader at Accelerate at Iver, Splunk MVPThe stats command is ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Your bank's payment processing system is humming along during a busy afternoon, handling millions in hourly ...