Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunk DB connect

Prakash493
Communicator
‎05-08-2019 01:57 PM

Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder version 3. Where we have outputs setup on search head that used some spl query to run. I want to use outputs setup on heavy forwarder but when i run those splu queries i am not getting any data , is their any way that i can make my heavy forwarder talk to my search heads to get the data or which is recommended to use outputs on heavy forwarder or in search heads ?

Tags (1)
0 Karma
Reply

Prakash493
Communicator
‎05-08-2019 02:29 PM

Ok got it my inputs are on heavy forwarders whereas my outputs are on search head now if i move my outputs of db connect from search head to HF i am not getting any data your answer satisifies me to have outputs of db connector on search head so it will read data from indexers , dis i understand correct ?

0 Karma
Reply

koshyk
Super Champion
‎05-08-2019 02:26 PM

The concept of "outputs" setup in SH is wrong and HF should NOT talk to Search Heads.

The proper way to do for your case is

  1. Install DBconnect inputs in Heavy Forwarder
  2. Ensure the outputs.conf of Heavy Forwarder sends data to Indexers
  3. Ensure your SH reads from indexer. The data is shared from Indexer. So any SH should work afterwards.

In Summary , redirect all data from Heavy Forwarder to Indexer

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...