Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect: Why is the timestamp specified in inputs.conf not being parsed?

dimitris_vergos
Path Finder
‎03-03-2015 10:31 PM

Hello,

I am trying to import data from a MySQL database.

While the import works fine, the time field gets populated with the time that the event is being imported, but not the 'datetime' field that I have specified in the database (in my case V_Date).

inputs.conf / [$SPLUNK_HOME/var/lib/splunk/persistentstorage/dbx]

[dbmon-tail://CTM/CTM Violations]
host = CTM
index = development_index
output.format = kv
output.timestamp = 0
query = SELECT VIOLATION_ID,V_DATE,VIOLATION_TYPE_ID,V_CLIENT_ID,VIOLATION_SOURCE, VIOLATION_FREQUENCY,V_LICENCE_ID,V_MODULE_ID\r\nFROM VIOLATIONS {{WHERE $rising_column$ > ?}}
sourcetype = CTM Violations
tail.rising.column = VIOLATION_ID
interval = auto
table = CTM Violations
disabled = 0
output.timestamp.column = V_DATE
output.timestamp.format = yyyy-MM-dd HH:mm:ss

I have also tried without the

output.timestamp.column = V_DATE
output.timestamp.format = yyyy-MM-dd HH:mm:ss

Date Column is V_DATE // V_DATE datetime.

I tried creating a props.conf file at a second stage.

[host::CTM]
DATETIME_CONFIG = NONE
SHOULD_LINEMERGE = false

Any suggestions?

Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎04-11-2015 01:49 PM

In my personal opinion, time formatting is easier to do in SQL than SPL, so I prefer to do it there when working with DB Connect 1.

If you use DB Connect 2, it has a UI to help you set the right time format when you build your input.

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎03-04-2015 10:35 AM

Can you supply an example of the results of the SQL query? That may not help, but it may give us more to work with.

0 Karma
Reply

dimitris_vergos
Path Finder
‎03-04-2015 09:48 PM

Here you go,

ID V_ID C_ID C_IP L_ID V_DATE V_F V_M
90050 1 6 31.5.253.88 8 2015-03-04 14:26:56 58 1

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...