I'm using Splunk DB Connect vs Amazon RDS service(mysql database) and it works great.
But, from time to time, when the IP of the database is changed, Splunk fails to connect anymore, even though I'm using a DNS name.
Seems like Splunk resolves the database DNS only once.
To workaround the problem, I've restarted the Splunk service.
I wonder if there's a configuration where I could define the "DNS caching TTL".
Thanks in advance,
Splunk shouldnt be caching this. Most likely you're seeing a resolution issue with your cache server in your company. If you can do a dig for your hostname, you can see the TTL value for it you're getting on your network:
Thanks for your reply.
My DB is actually an Amazon RDS instance.
The Splunk server is also running on Amazon EC2.
So, it doesn't seems like the problem is with the DNS server side.
Also, the problem vanish when I restart the Splunk server(not reboot), so it seems like an issue on the Splunk side.
It happens from time to time and I have no idea how to solve this issue 😞