Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

If DBConnect host changes, will it download the complete database?

splunkcol
Builder
‎04-03-2023 02:02 PM

I have a Splunk cloud implementation where the client side there is a Heavy Forwarder type server that collects that forwards logs to Splunk Cloud.

In that Heavy Forwarder there is also the DBConnect plugin to get the data from a database.

My question is if for some reason the hostname of the database changes and I put the hostname of the new database and the respective port as it is a new database for Splunk it would download it completely? the configuration was made in "Rising" mode so that it only discards the new logs, but as for the add-on it would be a new database, then it would download the complete database?

If it is a database with logs more than 5 years old, is there any method to bring them into splunk since it will obviously exceed the daily license?

 

splunkcol_0-1680555524894.png

 

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎04-04-2023 10:37 PM

Hi @splunkcol,

Splunk DBConnect app uses a checkpoint if the rising mode is configured.  These checkpoints are input parameters, not connections. That is why updating the hostname in connection does not effect checkpoints in inputs. 

If you want to be safe you can follow below path;

- Disable input,

- Note the current checkpoint ,

- Update hostname on connection,

- Check if checkpoint is still the same, correct if needed

- Enable output.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎04-05-2023 08:56 PM

Hi @splunkcol,

The reason there is no result may be that there is no new data after the last query. If there is no new data after the checkpoint value it is normal to see "No results found". You can check by deleting the 2nd and 3rd rows of your SQL and executing. It should show the results. If so everything seems ok.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎04-04-2023 10:37 PM

Hi @splunkcol,

Splunk DBConnect app uses a checkpoint if the rising mode is configured.  These checkpoints are input parameters, not connections. That is why updating the hostname in connection does not effect checkpoints in inputs. 

If you want to be safe you can follow below path;

- Disable input,

- Note the current checkpoint ,

- Update hostname on connection,

- Check if checkpoint is still the same, correct if needed

- Enable output.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Solved! Jump to solution

splunkcol
Builder
‎04-05-2023 09:39 AM

 

Hi, thanks for your help, I no longer get connection error.

Now I have another problem, when I enter the SQL query and press the "Execute SQL" button it should show a preview of the records but it is not showing anything.

The strange thing is that if it detects the fields "catalog", "schema" and "Table" with this I understand that there are no connection or authentication problems but I do not understand why it fails to display the table data.

Any suggestions on what I should check?

Translated with www.DeepL.com/Translator (free version)

splunkcol_0-1680712559682.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...