Solved: DB Connect Rising old logs

splunkcol · ‎03-01-2021

Database connection via DB connect in rising mode

It was presented that logs stopped arriving for a range of 2 hours

If the configuration is in rising, it is understood that only new records are brought, and if there is no data in a time range, is it because the database does not have that information?

Because that is what I am going to answer to the client, that he check directly in the database if the data in that time range exists or does not exist

or should I check something else?

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

DB Connect Rising old logs

field extraction

host

index

source

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

Join the Conversation