Splunk Search

DB Connect - dbmon-dump and dbmon-tail do not produce results

terryloar
Path Finder

In DB Connect I used "Data Inputs in Splunk Manager" to create test_dump which it did without error and produced:

dbmon-dump://TitalMaster106s/test_dump_2

The query in the dump is:

select * from jobrun

The DB is valid and jobrun_id is a valid field in the table jobrun in the DB TitalMaster106s.

I ran this search:

dbmon-dump://TitalMaster106s/test_dump_2 | table jobrun_id

No errors are thrown but it produces no results:

No results found. Inspect ...

local/input.conf table looks like this:

[dbmon-dump://TitalMaster106s/test_dump_2]
output.format = kv
output.timestamp = 0
host = wsql116s
index = default
interval = auto
table = test_dump_2
query = select * from jobrun

It does the same thing for dbmon-tail...

$SPLUNK_HOME/var/spool does not have a dbmon directory

0 Karma

k_ankit
New Member

Since your Index is default, I think that you have not provided any value in the index field while creating the database input. However, it should not create a problem while running the query, I suggest you should use source while running the query.
Try this:
source="dbmon-dump://TitalMaster106s/test_dump_2" | table jobrun_id
Whenever a database input is created it is stored as a source in splunk.

0 Karma

lukejadamec
Super Champion

Are you still working on this? I can probably help if you are.

0 Karma

stscholz
New Member

Think your search is wrong:
Please check this first:
index=* source="dbmon-dump://TitalMaster106s/test_dump_2"

Also change the setting from the Intervall to e.g. 5m
Have a look to the dbx log at ../var/log/splunk/dbx.log for any messages.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...