Splunk Enterprise

Why are we getting this error after upgrading Splunk DB Connect?

rlucier
New Member

 

02-24-2022 21:24:10.711 INFO ScopedTimer [9796 searchOrchestrator] - search.optimize 0.030224023 02-24-2022 21:24:10.711 INFO SearchPhaseGenerator [9796 searchOrchestrator] - Failed to create phases using AST:Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. Falling back to 2 phase mode. 02-24-2022 21:24:10.711 INFO SearchPhaseGenerator [9796 searchOrchestrator] - Executing two phase fallback for the search=| dbxquery query="SELECT * FROM \"ngcs2_0\".\"public\".\"responder\"" connection="PROV_DB_WA_2.0" timeout=6000 02-24-2022 21:24:10.711 INFO SearchParser [9796 searchOrchestrator] - PARSING: | dbxquery query="SELECT * FROM \"ngcs2_0\".\"public\".\"responder\"" connection="PROV_DB_WA_2.0" timeout=6000 02-24-2022 21:24:10.712 INFO ChunkedExternProcessor [9796 searchOrchestrator] - Running process: /export/home/splunk/splunk/bin/python3.7 /export/home/splunk/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery_bridge.py 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: Traceback (most recent call last): 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: File "/export/home/splunk/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery_bridge.py", line 125, in <module> 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: main() 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: File "/export/home/splunk/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery_bridge.py", line 121, in main 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: bridge = DbxQueryBridge(sys.argv) 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: File "/export/home/splunk/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery_bridge.py", line 65, in _init_ 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: self.sock.connect(('localhost', port)) 02-24-2022 21:24:10.738 ERROR ChunkedExternProcessor [9807 ChunkedExternProcessorStderrLogger] - stderr: ConnectionRefusedError: [Errno 111] Connection refused 02-24-2022 21:24:10.741 ERROR ChunkedExternProcessor [9796 searchOrchestrator] - EOF while attempting to read transport header read_size=0 02-24-2022 21:24:10.741 ERROR ChunkedExternProcessor [9796 searchOrchestrator] - Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. 02-24-2022 21:24:10.741 ERROR SearchPhaseGenerator [9796 searchOrchestrator] - Fallback to two phase search failed:Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. 02-24-2022 21:24:10.743 ERROR SearchStatusEnforcer [9796 searchOrchestrator] - sid:1645766650.38_B885E1F4-85FA-453C-A035-E8DCD64B223F Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. 02-24-2022 21:24:10.743 INFO SearchStatusEnforcer [9796 searchOrchestrator] - State changed to FAILED due to: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. 02-24-2022 21:24:10.744 INFO SearchStatusEnforcer [9796 searchOrchestrator] - Enforcing disk quota = 10485760000 02-24-2022 21:24:10.747 INFO DispatchStorageManager [9796 searchOrchestrator] - Remote storage disabled for search artifacts. 02-24-2022 21:24:10.747 INFO DispatchManager [9796 searchOrchestrator] - DispatchManager::dispatchHasFinished(id='1645766650.38_B885E1F4-85FA-453C-A035-E8DCD64B223F', username='admin') 02-24-2022 21:24:10.747 INFO UserManager [9796 searchOrchestrator] - Unwound user context: admin -> NULL 02-24-2022 21:24:10.747 INFO SearchStatusEnforcer [9789 RunDispatch] - SearchStatusEnforcer is already terminated 02-24-2022 21:24:10.747 INFO UserManager [9789 RunDispatch] - Unwound user context: admin -> NULL 02-24-2022 21:24:10.747 INFO LookupDataProvider [9789 RunDispatch] - Clearing out lookup shared provider map 02-24-2022 21:24:10.749 ERROR dispatchRunner [28370 MainThread] - RunDispatch::runDispatchThread threw error: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.
Labels (2)
0 Karma

coreyCLI
Path Finder

Did you ever find a solution for this issue?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...