Archive
Highlighted

Splunk DB Connect v1: Database inputs not working

Contributor

Hi,

I have setup a Database Connection "TEST-HRi" in the Splunk Manager in DB Connect v 1.1.4 on Splunk 6.2.0

I can successfully query the Database in the DB Query section in DB Connect and pull down 1000 results using the below query.

SELECT * FROM MISEMPLOYEEDATA

No matter what I do I can't seem to get the Database inputs in the Splunk Manager to pull down the entire DB.

I have setup an index I would like to pull the data into called "hri-db-test". I have confirmed with the Database owners that pulling the entire DB should not be a problem from their end.

I have the following settings..

dbmon-dump://TEST-HRi/IDM2

Name
IDM2

Input Type
Dump (Always dump the full table/query)

Database
TEST-HRi

Select SQL Query
SELECT * FROM MISEMPLOYEEDATA

Sourcetype
csv

Splunk Index
hri-db-test

Output Format
CSV (with headers)

Output timestamp
MODIFYTIMESTAMP

Timestamp Format
-blank-

Interval
15 * * * *

Any help is much appreciated, even if it's pointing me towards the logs that will show me the errors. I have Splunk on Splunk installed on this instance.

Thanks,

Dan

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Communicator

dbx logs usually give a clue as to what happened in the poll of the db

index=_internal source=dbx

you can even throw a IDM2 in your search to filter the logs down...

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Contributor

index=_internal source=dbx returns no results, even after running a successful query in DB Query.

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Communicator

my apologies...the text took out the star wildcards...there should be an asterisk on either side of dbx

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Communicator
index=_internal source=*dbx* *IDM2*
0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Contributor

Thanks - I tihnk I found the problem.

[CRITICAL] [rpcstart.py] RPC server has been terminated abnormally with error [No java path specified].

[CRITICAL] [rpcstart.py] No java path specified for stanza rpcstart://default

Still dont really understand why the DB Query would work and not the DB Input but at least I've found the right logs.

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Contributor

Actually that is DB Connect v2 - I'll look for errors in DBv1 and uninstall DB connect v2 incase there is a conflict

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Contributor

Perfect.

see the below in the logs.

13:15:00.288 dbx6955:INFO:DumpDatabaseMonitor - Database monitor=[dbmon-dump://TEST-HRi/IDM2] finished with status=false resultCount=0 in duration=234 ms

As DB Query works fine would this be an setting owned by the Database owners causing this issue?

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Communicator

Theres no conflict..they are designed to run side by side...

try this search...

index=_internal source=*dbx.log *IDM2* 

You should see when the dump was executed..tells you how long it took and any results or errors

0 Karma
Highlighted

Re: Splunk DB Connect v1: Database inputs not working

Communicator

what happens if you go back to db query and run it without the limit 1000???

0 Karma