Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunk DB connect

Prakash493
Communicator
‎05-08-2019 01:57 PM

Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder version 3. Where we have outputs setup on search head that used some spl query to run. I want to use outputs setup on heavy forwarder but when i run those splu queries i am not getting any data , is their any way that i can make my heavy forwarder talk to my search heads to get the data or which is recommended to use outputs on heavy forwarder or in search heads ?

Tags (1)
0 Karma
Reply

Prakash493
Communicator
‎05-08-2019 02:29 PM

Ok got it my inputs are on heavy forwarders whereas my outputs are on search head now if i move my outputs of db connect from search head to HF i am not getting any data your answer satisifies me to have outputs of db connector on search head so it will read data from indexers , dis i understand correct ?

0 Karma
Reply

koshyk
Super Champion
‎05-08-2019 02:26 PM

The concept of "outputs" setup in SH is wrong and HF should NOT talk to Search Heads.

The proper way to do for your case is

  1. Install DBconnect inputs in Heavy Forwarder
  2. Ensure the outputs.conf of Heavy Forwarder sends data to Indexers
  3. Ensure your SH reads from indexer. The data is shared from Indexer. So any SH should work afterwards.

In Summary , redirect all data from Heavy Forwarder to Indexer

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...