×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
apair
Explorer
Member since: ‎05-28-2018
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 6
Member Since ‎05-28-2018
Activity Feed
Topics I've Started
View All

Re: Splunk DBConnect Can't write data

by in All Apps and Add-ons
‎06-15-2018 12:20 AM
‎06-15-2018 12:20 AM
Hello I have the same problem too : https://answers.splunk.com/answers/661463/why-is-the-splunk-db-connect-not-indexing-data.html I think it's a bug in version 3.1.3... ... View more

Re: Why is the Splunk DB Connect not indexing data...

by in All Apps and Add-ons
‎05-31-2018 01:45 AM
1 Karma
‎05-31-2018 01:45 AM
1 Karma
At this time I have downloaded the version 2.4.1 and it's working properly but I would like to update to the latest version... ... View more

Re: Why is the Splunk DB Connect not indexing data...

by in All Apps and Add-ons
‎05-28-2018 11:47 PM
1 Karma
‎05-28-2018 11:47 PM
1 Karma
Sorry, I can't edit and I want to add this information : => I have tested with the version 2.4.1. It is OK, Data is indexed correctly... So it is a bug in the 3.1.1 version ? ... View more

Why is the Splunk DB Connect not indexing data?

by in All Apps and Add-ons
‎05-28-2018 06:15 AM
4 Karma
‎05-28-2018 06:15 AM
4 Karma
Hello, I have a problem with Splunk Entreprise 6.5.2 et Splunk DB Connect 3.1.3 : Splunk DB Connect don't index data from database. In logs, I see : 2018-05-28 14:53:51.863 +0200 [QuartzScheduler_Worker-27] INFO org.easybatch.core.job.BatchJob - Job 'testdbinput' finished with status: FAILED 2018-05-28 14:53:51.863 +0200 [QuartzScheduler_Worker-27] ERROR org.easybatch.core.job.BatchJob - Unable to write records java.io.IOException: HTTP Error 400: Bad Request at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEventBatch(HttpEventCollector.java:112) at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEvents(HttpEventCollector.java:89) at com.splunk.dbx.server.dbinput.recordwriter.HecEventWriter.writeRecords(HecEventWriter.java:36 .... 2018-05-28 14:53:51.863 +0200 [QuartzScheduler_Worker-27] ERROR c.s.d.s.task.listeners.RecordWriterMetricsListener - action=unable_to_write_batch java.io.IOException: HTTP Error 400: Bad Request at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEventBatch(HttpEventCollector.java:112) at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEvents(HttpEventCollector.java:89) at com.splunk.dbx.server.dbinput.recordwriter.HecEventWriter.writeRecords(HecEventWriter.java:36) ... 2018-05-28 14:53:51.850 +0200 [QuartzScheduler_Worker-27] INFO c.s.d.s.dbinput.recordwriter.HttpEventCollector - action=writing_events_via_http_event_collector record_count=5 When I configure my input, the request is OK : I have disabled SSL, and I put a tcpdump in the server to see request : {"time":"1527509442,533","event":"2018-05-28 14:10:42.533, action=\"SUPPRESSION_CONTRAT\"","host":"xxxxx","source":"testdbinput","sourcetype":"defautkv_xxxxx","index":"test"} When I test to send this data with a curl : curl -k https://127.0.0.1:8088/services/collector/event -H "Authorization: Splunk 761bdb35-0b8c-4780-xxxx-xxxxxx" -d '{"time":"1527509442,533","event":"2018-05-28 14:10:42.533, action=\"SUPPRESSION_CONTRAT\"","host":"xxxxx","source":"testdbinput","sourcetype":"xxxxx","index":"test"}' {"text":"Error in handling indexed fields","code":15} For me the field time isn't correct : 1527509442,533 ==> 1527509442.533 curl -k https://127.0.0.1:8088/services/collector/event -H "Authorization: Splunk 761bdb35-0b8c-4780-xxxx-xxxxxx" -d '{"time":"1527509442.533","event":"2018-05-28 14:10:42.533, action=\"SUPPRESSION_CONTRAT\"","host":"xxxxx","source":"testdbinput","sourcetype":"xxxxx","index":"test"}' {"text":"Success","code":0} Is it a bug in Splunk DB Connect ? Thank you in advance, Cordially ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from