Solved: Splunk connect db not running queries after adding...

markawad · ‎11-13-2020

Hello,

I am on splunk 7.0.2, which is configured in a distributed environment. I installed splunk connect db on a SHC. Then from one of my search heads in the UI, I added my first input. (Note the connection to the db is fine, executing the sql query during setup, yields the expected result.)

However, after adding the input, I can see that connect db does not run the query at all, it ignores the frequency at which the query would run. This is seen in $splunk_home/var/log/splunk/splunk_app_db_connect_server.log

The data is not saved at all, I am not sure what am I missing or doing wrong.

What is quite strange is that I cannot find any errors in the log that would help me at least debug why this is being caused, besides this error: ch.qos.logback.core.Appender.error in splunk_app_db_connect_health_metrics.log

Note: The SHC is configured properly and is connected with the indexers.

I have been facing a lot of issues with this. Please help me find the solution or hint me towards how I can debug this.

Thanks,
Mark

richgalloway · ‎11-13-2020

The problem began by configuring a DB Connect input on a SHC. Inputs must be installed on a heavy forwarder. See https://docs.splunk.com/Documentation/DBX/3.4.0/DeployDBX/Distributeddeployment

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-13-2020

The problem began by configuring a DB Connect input on a SHC. Inputs must be installed on a heavy forwarder. See https://docs.splunk.com/Documentation/DBX/3.4.0/DeployDBX/Distributeddeployment

---
If this reply helps you, Karma would be appreciated.

Splunk connect db not running queries after adding input

installation

troubleshooting

using Splunk Enterprise

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM