Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 1.1.6: Why are MS SQL dbquery results sent to an index using a database input not parsing all fields correctly?

aervillar
New Member
‎04-16-2015 03:52 PM

I am using Splunk DB Connect 1.1.6 to connect to a SQL database. The dbquery using select * from databasename works fine and I can see all fields with the correct values.

My next step is to create a data input using a database input. Everything looks to work fine, but I realize the parsing is not correct. Splunk is not bringing in all the fields.... I am now sending the data to a lookup table, and then from that table, indexing, but I am curious why and how I can fix this issue.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-09-2015 04:17 PM

I don't understand why you would do that instead of using a regular database input? dbquery into a collect introduces a bunch of needless complexity around timestamp detection that could be root of your problem.

0 Karma
Reply

avillarworldban
New Member
‎05-10-2015 06:11 AM

Maybe I was not clear, I am using dbconnect but the parsing on SQL dbs does not work as expected when sending the data to a index. I need historical data so I have to send somewhere. Indexing does not work so I have to send to a lookup first and then from the lookup to the index it works fine. Connection to oracle are OK and I can collect data daily with dbconnect and send directly to the index. Maybe dbconnect 2 fixed this issue.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-10-2015 08:46 AM

DB Connect 2 is easier to use, but it's impossible to tell what your issue is without looking at data and SQL statements. You're probably better off opening a support case than posting on a forum.

0 Karma
Reply

avillarworldban
New Member
‎05-09-2015 04:52 PM

I don't know other way to connect to a database. This was recommended by a Splunk engineer to download the apps and the use it to connect. Any link to your suggestion would help me. Thanks

0 Karma
Reply

ppablo
Retired
‎04-16-2015 04:18 PM

Hi @aervillar

Are you using DB Connect 1 or DB Connect 2?

0 Karma
Reply

aervillar
New Member
‎04-16-2015 05:07 PM

I gues version 1.1.6 (from about link)

0 Karma
Reply

ppablo
Retired
‎04-16-2015 05:11 PM

Thanks for getting back. I was editing your post to improve visibility of your issue, but needed to know the correct version to tag the official app appropriately.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...