×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
SparklyBunny
Loves-to-Learn Lots
Member since: ‎12-30-2025
‎01-12-2026
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-30-2025
Activity Feed
View All

Re: DB connect - Frequency settings

by in All Apps and Add-ons
‎01-12-2026 06:12 AM
‎01-12-2026 06:12 AM
My SQL statement is as follows:   select * FROM sys.fn_get_audit_file ('i:\sql\mssqlaudit*.sqlaudit', default, default) WHERE event_time > ? In addition, if the fetch size is set at 100, will affect the number of records that it will be pipe to Splunk? Thank you.  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
‎01-07-2026 07:29 AM
‎01-07-2026 07:29 AM
My SPL query is as follows: index=mssqlDB sourcetype=mssql* _index_earliest=10m@m _index_latest=@m | stats count as events, dc(database_name) as databases, dc(login_name) as users, avg(duration) as avg_duration by host   my current schedule is 0 0-10,14-23 * * *   The other 2 questions are very good questions, but I have not thought of how to verify them yet.      ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
‎01-07-2026 01:12 AM
‎01-07-2026 01:12 AM
Hi @isoutamo ,  I'm currently reviewing the Splunk configuration for the DB and i noticed that the logs are forwarded to Splunk every hour except 11am to 1pm. So I'm wondering if the events between 10AM and 1:59PM, will it be forwarded to Splunk based on this configuration. And also if the timespan set in the correlation rule is10mins (e.g., _index_earliest=10m@m _index_latest=@m), will I miss any records?  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
‎01-02-2026 09:47 AM
‎01-02-2026 09:47 AM
Hi, Thanks for sharing the link. I want to pipe the DB logs to Splunk every hour except 11am to 1pm. Thereafter, i want to create a correlation rule in Splunk to flag out activities of interest. Am trying to understand if my logs are coming in hourly then can my timespan in my search be 10mins (e.g., _index_earliest=10m@m _index_latest=@m)?  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
‎12-31-2025 07:17 PM
‎12-31-2025 07:17 PM
Hi, Thanks for sharing the link. I want to pipe the DB logs to Splunk every hour except 11am to 1pm. Thereafter, i want to create a correlation rule in Splunk to flag out activities of interest. Am trying to understand if my logs are coming in hourly then can my timespan in my search be 10mins (e.g., _index_earliest=10m@m _index_latest=@m)?  ... View more

DB connect - Frequency settings

by in All Apps and Add-ons
‎12-30-2025 08:00 PM
‎12-30-2025 08:00 PM
Hi,  Could you help me understand what the frequency setting in Splunk DB Connect inputs refers to? If I set the frequency as "0 00-10 14-23 * * ", does this mean audit events will be batched and sent to Splunk every hour? For the cron job that runs at 14:00, will it send records from 10:00 AM to 13:59 PM? Based on this frequency, what timespan should I use in my search (e.g., _index_earliest=10m@m _index_latest=@m)?   Please advise. Thanks in advance.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-12-2026 06:05 AM