Hi Splunk Community,
I am having issues with Splunk DB Connect 3.18.0 not sending data.
I was able to connect the DB Connect app to the database and query properly, but no luck seeing the data from Splunk Cloud. I am able to send other logs and data to Splunk Cloud with no issues.
Thanks!
Thanks @gcusello for getting back to me!
Yes, I configured DB Connect fully; everything works, but the actual data is not being sent.
I tried both batch and rising input types with no luck getting data sent.
Yes, I ingested a sample log file and it showed up successfully on Splunk Cloud.
Yes, I used the same index I ingested the sample file to.
Please let me know if there are other things I can check to resolve this issue.
Is there any known issue with this Splunk DB Connect version?
Hi @Strangertinz ,
Check again the results in the rising column field: usually the issue is there.
You have results executing the SQL query in DB-Connect, but it extracts only the records with the rising column values greater than the checkpoint, and if the rising column isn't correct or there are duplicated values, you risk losing records.
Ciao.
Giuseppe
Hi @gcusello
I will check again. I also used batched results and still did not see any data. This is why I am not narrowing my focus on the rising column but I will evaluate further and ensure there are no errors with the rising column.
Thanks!
Hi @Strangertinz ,
OK, let me know if I can help you further.
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated by all the contributors 😉
OK. I assume you're talking about a DBConnect app installed on a HF in your on-prem environment, right?
If you're getting other logs from that HF (_internal, some other inputs), that means that the HF is sending the data. It's the dbconnect input that's not pulling the data properly from the source database. (The dbconnect doesn't "send" anything on its own; it just gets the data from the source and lets Splunk handle it like any other input.) So check your _internal for anything related to that input.
Hi @PickleRick,
That is indeed the setup I have.
That is correct: there isn't an issue with the connection between the HF and Splunk Cloud, but rather my results from the DB Connect app are not being sent to Splunk Cloud.
I am more so looking to see if anyone else has faced this issue before, because I have checked several things and all looks well, but no real solution to get the data transferred.
Hi @Strangertinz ,
A stupid question: have you configured the input in DB-Connect or did you only test the connection?
Did you check the checkpoint based on the rising column? In other words, are you sure that you have values where the rising column value is greater than the previous one?
Are you sure that you're receiving logs on Splunk Cloud from the same server where DB-Connect is located?
Did you check the index used in the inputs.conf?
Ciao.
Giuseppe
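
The rising-column checkpoint behaviour described in this thread (only rows greater than the saved checkpoint are read), as an added example that is not part of any post and is not DB Connect's own code. It is a Python/sqlite3 model; the table `audit_log`, its columns and the rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (id, ts, msg) rows written between three polls.
BATCHES = [
    [(1, 99, "login alice"), (2, 100, "login bob")],
    [(3, 100, "sudo bob"), (4, 101, "logout alice")],  # id 3 shares ts=100
    [(5, 90, "late write, old timestamp")],             # ts goes backwards
]
COLUMNS = {"id": 0, "ts": 1}  # allow-list of rising-column candidates


def poll(conn, column, checkpoint):
    """Model of one rising poll: rows with column > checkpoint, in order."""
    rows = conn.execute(
        f"SELECT id, ts, msg FROM audit_log WHERE {column} > ? "
        f"ORDER BY {column} ASC",
        (checkpoint,),
    ).fetchall()
    if rows:  # checkpoint advances to the highest value just read
        checkpoint = rows[-1][COLUMNS[column]]
    return rows, checkpoint


def ingested_ids(column):
    """Run three write/poll cycles and return the ids that were picked up."""
    if column not in COLUMNS:
        raise ValueError(f"unsupported rising column: {column}")
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_log (id INTEGER PRIMARY KEY, ts INTEGER, msg TEXT)")
    seen, checkpoint = [], 0
    for batch in BATCHES:
        conn.executemany("INSERT INTO audit_log VALUES (?, ?, ?)", batch)
        rows, checkpoint = poll(conn, column, checkpoint)
        seen.extend(r[0] for r in rows)
    conn.close()
    return seen


def missed_ids(column):
    """Ids present in the table but never returned by any poll."""
    all_ids = [row[0] for batch in BATCHES for row in batch]
    got = set(ingested_ids(column))
    return [i for i in all_ids if i not in got]


if __name__ == "__main__":
    for col in COLUMNS:
        print(col, "ingested", ingested_ids(col), "missed", missed_ids(col))
```

With the unique, always-increasing `id` as the rising column every row is picked up; with `ts`, the row that shares a timestamp with the checkpoint and the row written with an older timestamp are never read.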