Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunk DB connect

Prakash493
Communicator
‎05-08-2019 01:57 PM

Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder version 3. Where we have outputs setup on search head that used some spl query to run. I want to use outputs setup on heavy forwarder but when i run those splu queries i am not getting any data , is their any way that i can make my heavy forwarder talk to my search heads to get the data or which is recommended to use outputs on heavy forwarder or in search heads ?

Tags (1)
0 Karma
Reply

Prakash493
Communicator
‎05-08-2019 02:29 PM

Ok got it my inputs are on heavy forwarders whereas my outputs are on search head now if i move my outputs of db connect from search head to HF i am not getting any data your answer satisifies me to have outputs of db connector on search head so it will read data from indexers , dis i understand correct ?

0 Karma
Reply

koshyk
Super Champion
‎05-08-2019 02:26 PM

The concept of "outputs" setup in SH is wrong and HF should NOT talk to Search Heads.

The proper way to do for your case is

  1. Install DBconnect inputs in Heavy Forwarder
  2. Ensure the outputs.conf of Heavy Forwarder sends data to Indexers
  3. Ensure your SH reads from indexer. The data is shared from Indexer. So any SH should work afterwards.

In Summary , redirect all data from Heavy Forwarder to Indexer

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...