When i tried using it to connect to sql server 2008R2, i have error message :
Encountered the following error while trying to save: Splunkd daemon is not responding: ('The read operation timed out.)
In Java 6u29, there was a bug introduced which prevented SSL connections to SQL Server 2008 R2. This bug was logged with Oracle as Bug ID: 7103725 here :
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725
Oracle has delivered a fix in 6u30, although some claim it still is not fixed. This bug is primarily effecting OSX users because of the Java Update to 6u29. Users can get around this bug by passing Java the property "-Djsse.enableCBCProtection=false" with the flag
Step to resolve the issue in db connect to sql server 2008 R2 with ssl in Splunk.
1) log on to splunk web console
2) Navigate to settings--->Splunk DB connect Configuration--->Java---->JVM command line options---->append the following parameter:
-Djsse.enableCBCProtection=false as example
-Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
3) Saving
4) after saving this review the java.conf from /Splunk/etc/apps/dbx/local directory. This file should show the update :
options = -Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
This should solve the issue
In Java 6u29, there was a bug introduced which prevented SSL connections to SQL Server 2008 R2. This bug was logged with Oracle as Bug ID: 7103725 here :
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725
Oracle has delivered a fix in 6u30, although some claim it still is not fixed. This bug is primarily effecting OSX users because of the Java Update to 6u29. Users can get around this bug by passing Java the property "-Djsse.enableCBCProtection=false" with the flag
Step to resolve the issue in db connect to sql server 2008 R2 with ssl in Splunk.
1) log on to splunk web console
2) Navigate to settings--->Splunk DB connect Configuration--->Java---->JVM command line options---->append the following parameter:
-Djsse.enableCBCProtection=false as example
-Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
3) Saving
4) after saving this review the java.conf from /Splunk/etc/apps/dbx/local directory. This file should show the update :
options = -Xmx256m -Dfile.encoding=UTF-8 -Djsse.enableCBCProtection=false -server -Duser.language=en -Duser.region=
This should solve the issue
Splunk log showed the following errors:
2014-10-21 10:24:04.543 monsch1:DEBUG:MicrosoftSqlServer - Connecting to database=MicrosoftSqlServer using JDBC url=jdbc:jtds:sqlserver://XYXS:143300/CMSICSIDAudit;ssl=request;appName=Splunk;progName=Splunk
2014-10-21 10:25:24.727 monsch1:ERROR:Scheduler - Error while reading stanza=[dbmon-tail://XXYZAudit/XYZZAudit]: com.splunk.config.SplunkConfigurationException: Error validating dbmonTail for monitor=dbmon-tail://XYZZAudit/XXYZAudit: Error getting database connection: I/O Error: Connection reset with query = select LogID, CONVERT(VARCHAR, Timestamp, 120) AS Date, Message, ActionType, Upi, RecordID, RecordTypeName, RecordName, UserID, UserFullName, CitizenRole, CaseWorkerRole, ProcessDesignerRole, AdministratorRole, EnterpriseAdministratorRole, AgentManagerRole, db_name() as DatabaseName, DiffData from Log ORDER BY LogID