Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All DB rows get input as one event

swathis
Explorer
‎01-14-2013 10:41 AM

Hi,
I am getting below error when I add data using data inputs from MYSQL to splunk server using DB Connect.In moniter type I choose Dump.Data gets added but all the rows gets added as one event.
Here is the error at dbx.log
INFO:DumpDatabaseMonitor - Executing database monitor
ERROR:DumpDatabaseMonitor - DBMon Error while executing monitor= com.splunk.dbx.monitor.DbmonException: Cancelling subsequent run of oneshot dump monitor.
Please advise as how i can solve the issue.

Tags (2)
0 Karma
Reply

swathis
Explorer
‎01-16-2013 10:21 AM

I hadn't checked output timestamp once I checked on it...I am getting it correctly.Thanks a ton..

0 Karma
Reply

ziegfried
Influencer
‎01-15-2013 07:43 PM

Results from DB Connect being merged into a single event can be solved by

  1. Creating a custom sourcetype with specific line breaking/merging rules to create individual events for every line
  2. Enabling the database input to output timestamps (ie. just checking the box "Output timestamp")

The error message you're experiencing is actually intended behavior. And as of version 1.0.7 it's not logged anymore. The behavior for a database input of type "dump" without a specific schedule it to index results once and then cancel any subsequent execution.

Reply

swathis
Explorer
‎01-16-2013 10:25 AM

Thanks DAN by checking the output timestamp solved the issue.Can you please explain more on how to create custom source type.I usually leave Sourcetype index and host field value empty.Thanks in advance..

0 Karma
Reply

Dan
Splunk Employee
Splunk Employee
‎01-15-2013 09:40 AM

Have you requested to output the timestamp?

Reply
Get Updates on the Splunk Community!

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale"   You know Splunk. You know Cisco. But have you seen ...