Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

search head cluster after splunk db connect ver 3.1.1 Error related

spl109
Explorer
‎05-07-2018 11:37 AM

hi
I installed it by the method presented from the link below.
http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/Distributeddeployment

The following error occurs.
" Unable to initialize modular input "server" defined inside the app "splunk_app_db_connect": Introspecting scheme=server: Unable to run "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/server.sh --scheme": child failed to start: Permission denied "

I set only identities and connections, mysql JDBC drivers

What should I do?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎05-07-2018 06:35 PM

hello there,

please read the doc in detail:
http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/Architectureandperformanceconsiderations

To use Splunk DB Connect in a distributed search environment, including search head clusters, you must determine the planned use cases. For ad hoc, interactive usage of database connections by live users, install the app on search head(s). For scheduled indexing from databases and output of data to databases, install the app on heavy forwarder(s).

avoid installing DB Connect as an input (data collection) mechanism in a Search Head Cluster. keep it on a single Splunk instance only, preferably a Heavy Forwarder.

hope it helps

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jaxjohnny2000
Builder
‎11-07-2018 12:46 PM

mine is on a heavy forwarder. this just started happening

Unable to initialize modular input "server" defined inside the app "splunk_app_db_connect": Introspecting scheme=server: Unable to run "/opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/server.sh --scheme": child failed to start: Permission denied

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎05-07-2018 06:35 PM

hello there,

please read the doc in detail:
http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/Architectureandperformanceconsiderations

To use Splunk DB Connect in a distributed search environment, including search head clusters, you must determine the planned use cases. For ad hoc, interactive usage of database connections by live users, install the app on search head(s). For scheduled indexing from databases and output of data to databases, install the app on heavy forwarder(s).

avoid installing DB Connect as an input (data collection) mechanism in a Search Head Cluster. keep it on a single Splunk instance only, preferably a Heavy Forwarder.

hope it helps

0 Karma
Reply
Solved! Jump to solution

spl109
Explorer
‎05-09-2018 03:14 PM

Thank you.
SHC tries to install to use the |dbxout command.

Is there no way to resolve the error? The splunk version is 6.6.3

0 Karma
Reply
Solved! Jump to solution

jaxjohnny2000
Builder
‎11-07-2018 12:49 PM

My answer was to change the permissions on the server.sh file to make it and executable.

chmod 777 server.sh

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...