Solved: DB Connect Rising old logs

splunkcol · ‎03-01-2021

Database connection via DB connect in rising mode

It was presented that logs stopped arriving for a range of 2 hours

If the configuration is in rising, it is understood that only new records are brought, and if there is no data in a time range, is it because the database does not have that information?

Because that is what I am going to answer to the client, that he check directly in the database if the data in that time range exists or does not exist

or should I check something else?

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

DB Connect Rising old logs

field extraction

host

index

source

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation