Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I have the auto db-lookups in distributed environment?

luhadia_aditya
Path Finder
‎12-12-2014 12:57 AM

I am aware that the auto-lookup functionality is not supported with db-lookups, due to constrain of running the db-lookup locally only on the search head.

Example - index=test | lookup local=1 mysql_table ip_address as clientip OUTPUT host | table clientip, host

Which is not achievable with auto-lookup.

Is there any work-around to this ?
Can I install db-connect app on the indexers as well and have the streaming db-lookup running on both the instances, indexers + search head ?

Using distributed environment (1 HFWD, 2 IDX, 1 SH), on Splunk 6.0.4 (build 207768), dbx 1.1.6. Any help is appreciated! Thanks!

Reply

dounla2carlos
Explorer
‎12-12-2014 02:52 AM

hi i'm try to solve this probleme

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...