Looking at the Splunkd log it shows;

08-19-2015 12:23:14.681 +0100 ERROR AdminManagerExternal - Received malformed XML from external handler:\nFailed to validate: com.splunk.config.SplunkConfigurationException: Error validating dbmonTail for monitor=dbmon-tail://ElmahErr/Elmah_Err: [Elmah_Err] Invalid query "DECLARE @tmp DATETIME\r\r\nSET @tmp = DATEADD(hour,-1,GETDATE())\r\r\nexec GetElmahData @tmp, NULL" without proper {{ ... $rising_column$ > ?}} pattern! with query = \r\r\nfalse<class 'spp.java.bridge.JavaBridgeError'>Command com.splunk.dbx.monitor.DatabaseMonitorValidator returned status code 17Traceback (most recent call last):\r\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 70, in init\r\n    hand.execute(info)\r\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 526, in execute\r\n    if self.requestedAction == ACTION_CREATE:   self.handleCreate(confInfo)\r\n  File "C:\Program Files\Splunk\etc\apps\dbx\bin\spp\config.py", line 230, in handleCreate\r\n    self.handleModification("create", output)\r\n  File "C:\Program Files\Splunk\etc\apps\dbx\bin\spp\config.py", line 218, in handleModification\r\n    id, props = self.process_modification(id, props, type=type, output=output)\r\n  File "C:\Program Files\Splunk\etc\apps\dbx\bin\rest_handler_dbmon.py", line 95, in process_modification\r\n    self.validateConfig(stanza, props)\r\n  File "C:\Program Files\Splunk\etc\apps\dbx\bin\rest_handler_dbmon.py", line 126, in validateConfig\r\n    executeBridgeCommand("com.splunk.dbx.monitor.DatabaseMonitorValidator", args, checkStatus=True)\r\n  File "C:\Program Files\Splunk\etc\apps\dbx\bin\spp\java\bridge.py", line 182, in executeBridgeCommand\r\n    raise JavaBridgeError("Command %s returned status code %s" % (cmd, ret))\r\nJavaBridgeError: Command com.splunk.dbx.monitor.DatabaseMonitorValidator returned status code 17\r\n\r\n

So it seems to be grumbling about the Rising_Column not being included in the query - how do I include it properly?