I am using Splunk DB connect to push my data from Splunk to oracle database. However, I can't not figure out how to avoid pushing same data into database. For example, if I specify earliest=-5m and make execution schedule every second, same data will be pushed into database. I have tried to set earliest=-5m and make execution schedule every 5 minutes. But it still have a little bug. Assume next execution time is 12:00:00, the time field in the data is 11:59:59 and upload to Splunk takes 2 seconds, then the time that data being stored in Splunk is 12:00:01. At this time, this data may not be pushed to databased since Splunk automatically catch the time in the time field of data. Anyone know how to solve this?
... View more