Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All DB rows get input as one event

swathis
Explorer
‎01-14-2013 10:41 AM

Hi,
I am getting below error when I add data using data inputs from MYSQL to splunk server using DB Connect.In moniter type I choose Dump.Data gets added but all the rows gets added as one event.
Here is the error at dbx.log
INFO:DumpDatabaseMonitor - Executing database monitor
ERROR:DumpDatabaseMonitor - DBMon Error while executing monitor= com.splunk.dbx.monitor.DbmonException: Cancelling subsequent run of oneshot dump monitor.
Please advise as how i can solve the issue.

Tags (2)
0 Karma
Reply

swathis
Explorer
‎01-16-2013 10:21 AM

I hadn't checked output timestamp once I checked on it...I am getting it correctly.Thanks a ton..

0 Karma
Reply

ziegfried
Influencer
‎01-15-2013 07:43 PM

Results from DB Connect being merged into a single event can be solved by

  1. Creating a custom sourcetype with specific line breaking/merging rules to create individual events for every line
  2. Enabling the database input to output timestamps (ie. just checking the box "Output timestamp")

The error message you're experiencing is actually intended behavior. And as of version 1.0.7 it's not logged anymore. The behavior for a database input of type "dump" without a specific schedule it to index results once and then cancel any subsequent execution.

Reply

swathis
Explorer
‎01-16-2013 10:25 AM

Thanks DAN by checking the output timestamp solved the issue.Can you please explain more on how to create custom source type.I usually leave Sourcetype index and host field value empty.Thanks in advance..

0 Karma
Reply

Dan
Splunk Employee
Splunk Employee
‎01-15-2013 09:40 AM

Have you requested to output the timestamp?

Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...