
DB Connect 2 with MySQL: Why am I unable to set up the timestamp field in the GUI and getting timeout errors for my dbinput?

kuklein
Engager

Hi there,

I ran into some issues with DB Connect 2 DB-Input on Splunk 6.1 and MySQL:
1. I've tried several ways to get a timestamp field set up in the GUI:
- Normal datetime fields seem to be misinterpreted as wrong dates
- If I try a character field, the Java date format does not allow a format like "yyyy-MM-dd HH:mm:ss"
- If I try a conversion inside the query with unix_time, I get an error about bigint not supported as timestamp
2. Where clauses are not possible through the GUI if you're working in tail mode
3. Because of the limitations in 2, I have a fairly complex view set up where the query takes around 5 minutes on my systems. I've enabled debug logging for dbx2.log and found the following statements showing some kind of timeout for the dbinput service, but also stating that the query could take up to an hour:

/04/17/2015 14:59:14 [CRITICAL] [ws.py] [DBInput Service] timed out

[DEBUG] [mi_input.py] The execution time is 327.349689 seconds for this dbinput [mi_input://otrs-ticket-view-3] and its maximum query timeout setting is 3600 seconds

Any ideas?

Thx in advance

Kai

0 Karma

bchoi_splunk
Splunk Employee

Hi Kai,

We are aware of this problem and the patch for this problem is tentatively slated for 2.0.2. In the meantime, you can get this to work by making a small modification in /bin/mi_base.py.

Line 117: should_execute = self.clustering_precheck()

Replace this line with: should_execute = True

Please do this only when you run dbx on a forwarder. This workaround has not been extensively tested either. This workaround should be used at your own risk.

0 Karma

kuklein
Engager

Thx so far, will test it later this week.

0 Karma