Archive

Splunk DB Connect 1: Is there a way to configure DNS caching TTL in Splunk?

Path Finder

Hi,

I'm using Splunk DB Connect vs Amazon RDS service(mysql database) and it works great.
But, from time to time, when the IP of the database is changed, Splunk fails to connect anymore, even though I'm using a DNS name.

Seems like Splunk resolves the database DNS only once.
To workaround the problem, I've restarted the Splunk service.

I wonder if there's a configuration where I could define the "DNS caching TTL".

Thanks in advance,

Splunk Employee
Splunk Employee

Splunk shouldnt be caching this. Most likely you're seeing a resolution issue with your cache server in your company. If you can do a dig for your hostname, you can see the TTL value for it you're getting on your network:

;; ANSWER SECTION:
www.google.com. 299 IN A 206.169.145.222
www.google.com. 299 IN A 206.169.145.242
www.google.com. 299 IN A 206.169.145.232

0 Karma

Path Finder

Well, I think the problem could be solved by tuning the java.security settings.
I've set the networkaddress.cache.ttl to 60sec.
Will follow up this issue and update...

Yaniv

0 Karma

Path Finder

Hi Esix,
Thanks for your reply.

My DB is actually an Amazon RDS instance.
The Splunk server is also running on Amazon EC2.
So, it doesn't seems like the problem is with the DNS server side.
Also, the problem vanish when I restart the Splunk server(not reboot), so it seems like an issue on the Splunk side.

It happens from time to time and I have no idea how to solve this issue 😞

Yaniv

0 Karma