Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunk DB connect

Prakash493
Communicator
‎05-08-2019 01:57 PM

Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder version 3. Where we have outputs setup on search head that used some spl query to run. I want to use outputs setup on heavy forwarder but when i run those splu queries i am not getting any data , is their any way that i can make my heavy forwarder talk to my search heads to get the data or which is recommended to use outputs on heavy forwarder or in search heads ?

Tags (1)
0 Karma
Reply

Prakash493
Communicator
‎05-08-2019 02:29 PM

Ok got it my inputs are on heavy forwarders whereas my outputs are on search head now if i move my outputs of db connect from search head to HF i am not getting any data your answer satisifies me to have outputs of db connector on search head so it will read data from indexers , dis i understand correct ?

0 Karma
Reply

koshyk
Super Champion
‎05-08-2019 02:26 PM

The concept of "outputs" setup in SH is wrong and HF should NOT talk to Search Heads.

The proper way to do for your case is

  1. Install DBconnect inputs in Heavy Forwarder
  2. Ensure the outputs.conf of Heavy Forwarder sends data to Indexers
  3. Ensure your SH reads from indexer. The data is shared from Indexer. So any SH should work afterwards.

In Summary , redirect all data from Heavy Forwarder to Indexer

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...