Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What sourcetype should be used input MySQL data

ti786
Explorer
‎12-03-2013 04:27 AM

I am using the DB Connect app to connect to a MYSQL database and input the data from a table.

What sourcetype should I use for MySQL data in the Database Input:

  1. dbmon:kv
  2. dbmon:mkv
  3. or some other?

Also the datetime fields in the MySQL data like "2013-09-24 21:31:13" appear as "1385819882.000" in Splunk - is this format to do with the sourcetype and how can I get Splunk to keep the original format?

0 Karma
Reply

lukejadamec
Super Champion
‎12-03-2013 11:16 AM

Can you post the splunk\etc\apps\dbx\local\inputs.conf stanza for this MySQL input?

To view the raw data in Splunk you run a search that pulls the data from this input and then table it to _raw

search for MySQL data | table _raw

0 Karma
Reply

ti786
Explorer
‎12-03-2013 10:57 AM

Is it possible to view the rawdata in Splunk that is returned by a MySQL query run from Splunk?

The MySQL data has some datetime fields like "2013-09-24 21:31:13", but these appear as "1385819882.000" in Splunk - how can I get Splunk to keep the original datetime format?

0 Karma
Reply

ti786
Explorer
‎12-03-2013 10:55 AM

Is it possible to view the rawdata in Splunk that is returned by a MySQL query run from Splunk?

The MySQL data has some datetime fields like "2013-09-24 21:31:13", but these appear as "1385819882.000" in Splunk - how can I get Splunk to keep the original datetime format?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-03-2013 09:04 AM

You'll probably get good results with KV. Experiment in a separate index until you get the results you want.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-03-2013 12:58 PM

If you click on the DB Query button in the DB Connect app you can enter a query and see what would be indexed.

To get the datetime format you want, use CONVERT(datetime, column, 120).

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ti786
Explorer
‎12-03-2013 10:58 AM

Is it possible to view the rawdata in Splunk that is returned by a MySQL query run from Splunk?

The MySQL data has some datetime fields like "2013-09-24 21:31:13", but these appear as "1385819882.000" in Splunk - how can I get Splunk to keep the original datetime format?

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
Top