My DB Connect is working fine. Java bridge runs ok.
But the dbmon-tail input do not work continuously.
When I checked it in more detail, I found that the state.xml for this input in "$SPLUNK_HOME\var\lib\splunk\persistentstorage\dbx\" is getting corrupted.
I am using the a char(24) field as the rising column. This char field actually contains the datetime. And in my input settings I parse the rising column field to datetime format. Following are my input settings -
[dbmon-tail://PerfMonitor/CData]
host = testdb
index = main
output.format = kv
output.timestamp = 1
output.timestamp.column = CounterDateTime
output.timestamp.format = yyyy-MM-dd HH:mm:ss
output.timestamp.parse.format = yyyy-MM-dd HH:mm:ss
query = Select GUID\r\n ,CounterID\r\n ,RecordIndex\r\n ,CounterDateTime\r\n ,CounterValue\r\n ,FirstValueA\r\n ,FirstValueB\r\n ,SecondValueA\r\n ,SecondValueB\r\n ,MultiCount from CounterData {{WHERE $rising_column$ > ?}}
sourcetype = mssql
tail.rising.column = CounterDateTime
table = CData
interval = 300
Now when i ran my splunk service the first time, it fetched all data from this table and indexed it. But after indexing this batch, it stopped as the state.xml in persistent storage had appended some special characters to the rising column value. As shown below -
<value class="string">2014-12-15 15:42:02.414�</value>
Then I have to remove those special chars and restart the service and it indexes then the next data again untill the last entry of the table. And again it updates the value with latest field value and appends the special chars. so the indexing stops again. So, infact the tailed input is actually working for me as the dumped input.
Any idea where am I doing it wrong ?
