×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
SparklyBunny
Loves-to-Learn
Member since: 2 weeks ago
Monday
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-30-2025
Topics I've Started
View All

Re: DB connect - Frequency settings

by in All Apps and Add-ons
Monday
Monday
My SQL statement is as follows:   select * FROM sys.fn_get_audit_file ('i:\sql\mssqlaudit*.sqlaudit', default, default) WHERE event_time > ? In addition, if the fetch size is set at 100, will affect the number of records that it will be pipe to Splunk? Thank you.  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
a week ago
a week ago
My SPL query is as follows: index=mssqlDB sourcetype=mssql* _index_earliest=10m@m _index_latest=@m | stats count as events, dc(database_name) as databases, dc(login_name) as users, avg(duration) as avg_duration by host   my current schedule is 0 0-10,14-23 * * *   The other 2 questions are very good questions, but I have not thought of how to verify them yet.      ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
a week ago
a week ago
Hi @isoutamo ,  I'm currently reviewing the Splunk configuration for the DB and i noticed that the logs are forwarded to Splunk every hour except 11am to 1pm. So I'm wondering if the events between 10AM and 1:59PM, will it be forwarded to Splunk based on this configuration. And also if the timespan set in the correlation rule is10mins (e.g., _index_earliest=10m@m _index_latest=@m), will I miss any records?  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
2 weeks ago
2 weeks ago
Hi, Thanks for sharing the link. I want to pipe the DB logs to Splunk every hour except 11am to 1pm. Thereafter, i want to create a correlation rule in Splunk to flag out activities of interest. Am trying to understand if my logs are coming in hourly then can my timespan in my search be 10mins (e.g., _index_earliest=10m@m _index_latest=@m)?  ... View more

Re: DB connect - Frequency settings

by in All Apps and Add-ons
2 weeks ago
2 weeks ago
Hi, Thanks for sharing the link. I want to pipe the DB logs to Splunk every hour except 11am to 1pm. Thereafter, i want to create a correlation rule in Splunk to flag out activities of interest. Am trying to understand if my logs are coming in hourly then can my timespan in my search be 10mins (e.g., _index_earliest=10m@m _index_latest=@m)?  ... View more

DB connect - Frequency settings

by in All Apps and Add-ons
2 weeks ago
2 weeks ago
Hi,  Could you help me understand what the frequency setting in Splunk DB Connect inputs refers to? If I set the frequency as "0 00-10 14-23 * * ", does this mean audit events will be batched and sent to Splunk every hour? For the cron job that runs at 14:00, will it send records from 10:00 AM to 13:59 PM? Based on this frequency, what timespan should I use in my search (e.g., _index_earliest=10m@m _index_latest=@m)?   Please advise. Thanks in advance.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
Monday