Yah, sorry, the pitfalls of helping while on mobile.

configure the input to not use a custom sql query...tell splunk the table and let it build the query...does that work???

Still trying, but even without the query I get the following errors.

monsch1:INFO:Scheduler - Execution of input=[dbmon-dump://TEST-HRi/IDM2] finished in duration=375 ms with resultCount=0 success=false continueMonitoring=true

dbx6285:INFO:DumpDatabaseMonitor - Database monitor=[dbmon-dump://TEST-HRi/IDM2] finished with status=false resultCount=0 in duration=375 ms

I suspect I am making a basic error somewhere.

Hi @n00badmin

Please be sure that when responding to someone's answer, click on "Add comment" directly below their answer or, if responding to someone's comment, type in the "Add your comment..." box directly below their comment. You keep typing all of your responses in the "Enter your answer here..." box at the very bottom of the page which, instead, posts a brand new answer each time and is confusing for other users to follow. This will help with a clean continuous flow of the conversation. I already converted your "answers" to comments, so just something to keep in mind from here on out. Thanks.

Back to this post http://answers.splunk.com/answers/243605/splunk-db-connect-1-why-am-i-getting-error-command.html So can I index the database, or are there size limits on the Splunk side?

also try not specifying a custom sql query...just use the default query with the table name when u configure the dump

what happens if you go back to db query and run it without the limit 1000???

command="dbquery", A database error occurred: Invalid Fetch Size

I was told by the DB owners that pulling the entire DB is not an issue, I assume it is?

Theres no conflict..they are designed to run side by side...

try this search...

index=_internal source=*dbx.log *IDM2* 

You should see when the dump was executed..tells you how long it took and any results or errors

index=_internal source=*dbx* *IDM2*

Thanks - I tihnk I found the problem.

[CRITICAL] [rpcstart.py] RPC server has been terminated abnormally with error [No java path specified].

[CRITICAL] [rpcstart.py] No java path specified for stanza rpcstart://default

Still dont really understand why the DB Query would work and not the DB Input but at least I've found the right logs.

Actually that is DB Connect v2 - I'll look for errors in DBv1 and uninstall DB connect v2 incase there is a conflict

Perfect.

see the below in the logs.

13:15:00.288 dbx6955:INFO:DumpDatabaseMonitor - Database monitor=[dbmon-dump://TEST-HRi/IDM2] finished with status=false resultCount=0 in duration=234 ms

As DB Query works fine would this be an setting owned by the Database owners causing this issue?

my apologies...the text took out the star wildcards...there should be an asterisk on either side of dbx

index=_internal source=dbx returns no results, even after running a successful query in DB Query.