Hi,
I am using splunk DB connect to get data from MYSQL to splunk server.I am taking dump everytime.Say i have 20 rows in MYSQL and when I add data initially to Splunk I will have 20 events.My database gets updated thrice everyday. so I have given cron as 6h and when splunk trys to fetch the data after 6 hours it takes all 20 rows again and adds it to splunk server so now I have totally 40 events where I should be having just latest 20 events.
My second issue is similar where one of table is MYSQL is deleted everytime and rows are inserted again every 6 hours. Say i have 10 rows here. Splunk gets all rows for the first time. But next run the events would be like 12 or 13 events where it should be just latest 10 events.
I want exactly same data as how it is in MYSQL. Please let me know as how can I solve the issue.I checked my input.conf there are no duplicate entries.
I add connection using Manager>ExternalDatabases.
Here I was just giving an example. Actually we have tables with 84000 rows and some tables are with just 10 rows.I was looking at solution where splunk has same data as MYSQL.can you please let me know as how dump works in splunk.I want to aviod duplicates at data level not at query level.Becuase now I have given cron as 15 min thats the time my data gets updated for some of the tables in MYSQL.Splunk data is growing by n time for every run which is not good..
... View more