Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunk DB connect

Prakash493
Communicator
‎05-08-2019 01:57 PM

Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder version 3. Where we have outputs setup on search head that used some spl query to run. I want to use outputs setup on heavy forwarder but when i run those splu queries i am not getting any data , is their any way that i can make my heavy forwarder talk to my search heads to get the data or which is recommended to use outputs on heavy forwarder or in search heads ?

Tags (1)
0 Karma
Reply

Prakash493
Communicator
‎05-08-2019 02:29 PM

Ok got it my inputs are on heavy forwarders whereas my outputs are on search head now if i move my outputs of db connect from search head to HF i am not getting any data your answer satisifies me to have outputs of db connector on search head so it will read data from indexers , dis i understand correct ?

0 Karma
Reply

koshyk
Super Champion
‎05-08-2019 02:26 PM

The concept of "outputs" setup in SH is wrong and HF should NOT talk to Search Heads.

The proper way to do for your case is

  1. Install DBconnect inputs in Heavy Forwarder
  2. Ensure the outputs.conf of Heavy Forwarder sends data to Indexers
  3. Ensure your SH reads from indexer. The data is shared from Indexer. So any SH should work afterwards.

In Summary , redirect all data from Heavy Forwarder to Indexer

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...