Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

All DB rows get input as one event

swathis
Explorer
‎01-14-2013 10:41 AM

Hi,
I am getting below error when I add data using data inputs from MYSQL to splunk server using DB Connect.In moniter type I choose Dump.Data gets added but all the rows gets added as one event.
Here is the error at dbx.log
INFO:DumpDatabaseMonitor - Executing database monitor
ERROR:DumpDatabaseMonitor - DBMon Error while executing monitor= com.splunk.dbx.monitor.DbmonException: Cancelling subsequent run of oneshot dump monitor.
Please advise as how i can solve the issue.

Tags (2)
0 Karma
Reply

swathis
Explorer
‎01-16-2013 10:21 AM

I hadn't checked output timestamp once I checked on it...I am getting it correctly.Thanks a ton..

0 Karma
Reply

ziegfried
Influencer
‎01-15-2013 07:43 PM

Results from DB Connect being merged into a single event can be solved by

  1. Creating a custom sourcetype with specific line breaking/merging rules to create individual events for every line
  2. Enabling the database input to output timestamps (ie. just checking the box "Output timestamp")

The error message you're experiencing is actually intended behavior. And as of version 1.0.7 it's not logged anymore. The behavior for a database input of type "dump" without a specific schedule it to index results once and then cancel any subsequent execution.

Reply

swathis
Explorer
‎01-16-2013 10:25 AM

Thanks DAN by checking the output timestamp solved the issue.Can you please explain more on how to create custom source type.I usually leave Sourcetype index and host field value empty.Thanks in advance..

0 Karma
Reply

Dan
Splunk Employee
Splunk Employee
‎01-15-2013 09:40 AM

Have you requested to output the timestamp?

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...