Shared.... ... View more

Hi @behudelson Install DBConnect v 3.1.2 and then check. Please share email ID if you want DBConnect v 3.1.2 app. ... View more

Hi @behudelson , I got this issue and it's related to HEC (HTTP Event Collector) Error, DB Connect ingest data in Splunk using HEC. Unfortunalely this problem will occur only with MS server and DB Connect v 3.1.3. refer(https://answers.splunk.com/answers/710632/splunk-dbconnect-is-not-creating-sourcetype.html) To Reslove this issue, you need to uninstall DBConnect APP 3.1.3 and Install its previous version DBConnect 3.1.2. Also DBConnect 3.1.2 is not available in SplunkBase. Please share your email ID. I will provide to you. Thanks. Dhirendra ... View more

hi @behudelson Which Operating Sysytem (OS) you are using... Is it Microsoft Server ?? ... View more

Thanks a lot @woodcock . 🙂 ... View more

Hi All/ @woodcock I am using below SPL: host="ITEM-System" sourcetype="System" | rex "System \s+(?<action>\w+) of (?<from_server>.*) (?<result>successfully|failed) transferred to (?<to_server>.*)" | rex "System \s+(?<action>\w+) (?<result>successfully|failed) ended on (?<from_server>.*) from export of (?<to_server>.*) with exit code 0"|eval linkType=case(action="export","licensing",action="Import","search"), result="OK"|table from_server action to_server result linkType| where action!=" " and genrated the attached visualization trough with Network Topology - Custom Visualization App. Could you please suggest more on SPL for better display. Thanks. ... View more

Sure, I will try with mentioned apps and get back to you. Thank you very much for your suggestion. ... View more

This chart can be formed by Donut Chart splunk App. Ref:https://splunkbase.splunk.com/app/1161/ Thanks ... View more

Hi @Liuzhengchen .. Did you check with above solution. I have resolved mine ref: https://answers.splunk.com/answers/710632/splunk-dbconnect-is-not-creating-sourcetype.html Thanks ... View more

yes you are right harsh. The problem is seems to be related to HEC. But i get resolved by uninstalling dbconnect 3.1.3 and install dbconnect 3.1.2. Thanks for your support. ... View more

Hi , Uninstall the Splunk dbConnect 3.1.3 and install dbconnect 3.1.2 below is the reference of same issue https://answers.splunk.com/answers/640570/why-are-dbconnect-3-inputs-unable-to-write-records.html Thanks. ... View more

Yes.. I got the link. Thank you so much.. ... View more

Hi @andreacorvini , I am facing same issue. Can you please send me the link for dbconnect[previous version] as well. dhirendrasingh.822@gmail.com ... View more

Hi @harshmarvania57, I got below error in splunk_app_db_connect_server.log 2018-12-20 07:15:30.950 +0100 [QuartzScheduler_Worker-2] ERROR c.s.d.s.task.listeners.RecordWriterMetricsListener - action=unable_to_write_batch java.io.IOException: HTTP Error 400: Bad Request at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEventBatch(HttpEventCollector.java:112) at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEvents(HttpEventCollector.java:89) at com.splunk.dbx.server.dbinput.recordwriter.HecEventWriter.writeRecords(HecEventWriter.java:36) at org.easybatch.core.job.BatchJob.writeBatch(BatchJob.java:203) at org.easybatch.core.job.BatchJob.call(BatchJob.java:79) at org.easybatch.extensions.quartz.Job.execute(Job.java:59) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) 2018-12-20 07:15:30.950 +0100 [QuartzScheduler_Worker-2] ERROR org.easybatch.core.job.BatchJob - Unable to write records java.io.IOException: HTTP Error 400: Bad Request at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEventBatch(HttpEventCollector.java:112) at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEvents(HttpEventCollector.java:89) at com.splunk.dbx.server.dbinput.recordwriter.HecEventWriter.writeRecords(HecEventWriter.java:36) at org.easybatch.core.job.BatchJob.writeBatch(BatchJob.java:203) at org.easybatch.core.job.BatchJob.call(BatchJob.java:79) at org.easybatch.extensions.quartz.Job.execute(Job.java:59) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) ... View more

Thanks for you your input. Let me check and I will get back to you by tomorrow. Thanks for your response again. 🙂 ... View more

Yes I am able to see "dbindex" in page. and event count in dbindex is 0 ... View more

Hi @harsmarvania57 , " dbIndex" is my custom index. And dbconnect is installed in virtual machine (windows 2012 R2 OS),I am using in indexer not heavy forwarder. We are not sending data any where. Just fetching the data from oracle database. ... View more

Hi Harsh, I followed you appoarch. I created "dbIndex" index manually. then I create "testDB" sourcetype in dbinput setting. It doesn't still display any events. And while editing input It doesn't show in the list of sourcetype . let me know If i missed something. link text https://ibb.co/YPhxHR3 https://ibb.co/tQMvR4Z ... View more

Hi Harsh, Thanks for suggestion. I think my issue is with sourcetype and index. The data is not binding with sourcetype and index because it is not created. Every time when i edit the input in DB connect it doen't show me in list (please refer above SS). Also in "DATA SUMMARY" I am not able to locate my created sourcetype. This problem is occurs only "Windows Server 2012 R2" and it is working fine in windows 7. Is there is any possibility for different OS as well. Thanks ... View more

Hi @harsmarvania57 , source type is present in db_inputs.conf. While creating input, the proper results are shown during SQL query execution as well. But when I click on 'Find Events' option available in created input, I don't get any results. This problem is occuring on remote splunk instance only. On my local instance, I am able to find events without any issues. Please suggest what could be the issue here ? db_input.conf [EvolynxTable] connection = EvolynxDB description = Table for all data from database disabled = 0 index = main index_time_mode = current interval = 100 max_rows = 100 mode = batch query = SELECT * FROM "CB80QUA2"."EVOL_UTL" sourcetype = db_audit ... View more

Your query is more simpler than above and works exactly same. Thanks for your inputs ... View more

Hi @harishalipaka thank you so much for your input. I got append result for all field values in one bar. Just for clarififcation, The image having math expression and substractaction accoordingly. Image represented should be represented as : The total memory is represented as whole bar (100%=80000) Permanent memory is 70000 (87.5% of full memory) Volatile memory is 8000 (10% of full memory) Then free space will be (80000-(8000+70000) eg 2.5% of full memory). Can you pease re-sugguested query as per above description. ... View more