Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I have the auto db-lookups in distributed environment?

luhadia_aditya
Path Finder
‎12-12-2014 12:57 AM

I am aware that the auto-lookup functionality is not supported with db-lookups, due to constrain of running the db-lookup locally only on the search head.

Example - index=test | lookup local=1 mysql_table ip_address as clientip OUTPUT host | table clientip, host

Which is not achievable with auto-lookup.

Is there any work-around to this ?
Can I install db-connect app on the indexers as well and have the streaming db-lookup running on both the instances, indexers + search head ?

Using distributed environment (1 HFWD, 2 IDX, 1 SH), on Splunk 6.0.4 (build 207768), dbx 1.1.6. Any help is appreciated! Thanks!

Reply

dounla2carlos
Explorer
‎12-12-2014 02:52 AM

hi i'm try to solve this probleme

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...