DB Connect: Why am I getting error "Splunkd daemon is not responding" trying to connect to SQL server 2008 R2?

cdo_splunk
Splunk Employee

When I tried using it to connect to SQL Server 2008 R2, I got this error message:

Encountered the following error while trying to save: Splunkd daemon is not responding: ('The read operation timed out.)

1 Solution

cdo_splunk
Splunk Employee

In Java 6u29, there was a bug introduced which prevented SSL connections to SQL Server 2008 R2. This bug was logged with Oracle as Bug ID: 7103725 here:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725
Oracle has delivered a fix in 6u30, although some claim it still is not fixed. This bug is primarily affecting OS X users because of the Java Update to 6u29. Users can get around this bug by passing Java the property "-Djsse.enableCBCProtection=false" with the flag

Steps to resolve the issue in DB Connect to SQL Server 2008 R2 with SSL in Splunk:

1) Log on to the Splunk Web console.
2) Navigate to Settings ---> Splunk DB Connect Configuration ---> Java ---> JVM command line options ---> append the following parameter:
-Djsse.enableCBCProtection=false, as an example:
-Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
3) Save.
4) After saving, review the java.conf in the /Splunk/etc/apps/dbx/local directory. This file should show the update:
options = -Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=

This should solve the issue.
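
An added example (not part of the original post and not Splunk's code): a check for step 4 that parses the text of a java.conf and reports whether the options line carries the -Djsse.enableCBCProtection=false workaround, so hosts where it is still set can be found after a later Java upgrade. The two sample files are constructed from the options line shown above; the [java] stanza name and the "last occurrence of a repeated -D property wins" handling are assumptions.

```python
import shlex

WORKAROUND_PROP = "jsse.enableCBCProtection"

# Constructed samples; the [java] stanza name is an assumption.
PATCHED = """[java]
options = -Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
"""
DEFAULT = """[java]
options = -Xmx256m -Dfile.encoding=UTF-8 -server -Duser.language=en -Duser.region=
"""

def jvm_options(conf_text):
    """Return the JVM flags found on the 'options = ...' line of a java.conf."""
    flags = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("["):
            continue  # skip blanks, comments and stanza headers
        key, sep, value = line.partition("=")  # split at the first '=' only
        if sep and key.strip() == "options":
            flags = shlex.split(value)  # a later options line replaces an earlier one
    return flags

def system_properties(flags):
    """Map -Dname=value flags to a dict; a repeated name keeps its last value (assumption)."""
    props = {}
    for flag in flags:
        if flag.startswith("-D"):
            name, _, value = flag[2:].partition("=")
            props[name] = value
    return props

def cbc_protection_disabled(conf_text):
    """True when the effective options set jsse.enableCBCProtection to false."""
    value = system_properties(jvm_options(conf_text)).get(WORKAROUND_PROP)
    # Compared case-insensitively here so a differently cased value is still reported.
    return value is not None and value.lower() == "false"

if __name__ == "__main__":
    for label, text in (("patched", PATCHED), ("default", DEFAULT)):
        state = "workaround present" if cbc_protection_disabled(text) else "workaround absent"
        print(f"{label}: {state}")
```

To check a real installation, pass the contents of the java.conf from the directory named in step 4 to cbc_protection_disabled().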

cdo_splunk
Splunk Employee

Splunk log showed the following errors:
2014-10-21 10:24:04.543 monsch1:DEBUG:MicrosoftSqlServer - Connecting to database=MicrosoftSqlServer using JDBC url=jdbc:jtds:sqlserver://XYXS:143300/CMSICSIDAudit;ssl=request;appName=Splunk;progName=Splunk

2014-10-21 10:25:24.727 monsch1:ERROR:Scheduler - Error while reading stanza=[dbmon-tail://XXYZAudit/XYZZAudit]: com.splunk.config.SplunkConfigurationException: Error validating dbmonTail for monitor=dbmon-tail://XYZZAudit/XXYZAudit: Error getting database connection: I/O Error: Connection reset with query = select LogID, CONVERT(VARCHAR, Timestamp, 120) AS Date, Message, ActionType, Upi, RecordID, RecordTypeName, RecordName, UserID, UserFullName, CitizenRole, CaseWorkerRole, ProcessDesignerRole, AdministratorRole, EnterpriseAdministratorRole, AgentManagerRole, db_name() as DatabaseName, DiffData from Log ORDER BY LogID
