Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All DB rows get input as one event

swathis
Explorer
‎01-14-2013 10:41 AM

Hi,
I am getting below error when I add data using data inputs from MYSQL to splunk server using DB Connect.In moniter type I choose Dump.Data gets added but all the rows gets added as one event.
Here is the error at dbx.log
INFO:DumpDatabaseMonitor - Executing database monitor
ERROR:DumpDatabaseMonitor - DBMon Error while executing monitor= com.splunk.dbx.monitor.DbmonException: Cancelling subsequent run of oneshot dump monitor.
Please advise as how i can solve the issue.

Tags (2)
0 Karma
Reply

swathis
Explorer
‎01-16-2013 10:21 AM

I hadn't checked output timestamp once I checked on it...I am getting it correctly.Thanks a ton..

0 Karma
Reply

ziegfried
Influencer
‎01-15-2013 07:43 PM

Results from DB Connect being merged into a single event can be solved by

  1. Creating a custom sourcetype with specific line breaking/merging rules to create individual events for every line
  2. Enabling the database input to output timestamps (ie. just checking the box "Output timestamp")

The error message you're experiencing is actually intended behavior. And as of version 1.0.7 it's not logged anymore. The behavior for a database input of type "dump" without a specific schedule it to index results once and then cancel any subsequent execution.

Reply

swathis
Explorer
‎01-16-2013 10:25 AM

Thanks DAN by checking the output timestamp solved the issue.Can you please explain more on how to create custom source type.I usually leave Sourcetype index and host field value empty.Thanks in advance..

0 Karma
Reply

Dan
Splunk Employee
Splunk Employee
‎01-15-2013 09:40 AM

Have you requested to output the timestamp?

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...