Solved: DB Connect Rising old logs

splunkcol · ‎03-01-2021

Database connection via DB connect in rising mode

It was presented that logs stopped arriving for a range of 2 hours

If the configuration is in rising, it is understood that only new records are brought, and if there is no data in a time range, is it because the database does not have that information?

Because that is what I am going to answer to the client, that he check directly in the database if the data in that time range exists or does not exist

or should I check something else?

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎03-01-2021

Yes, the use of a rising column means only new data will be read from the DB. That presumes, of course, that the instance running DB Connect was running for those 2 hours and the DBX input was enabled.

---
If this reply helps you, Karma would be appreciated.

DB Connect Rising old logs

field extraction

host

index

source

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation