Splunk Add-on for MySQL version: 1.1.0
Splunk DB Connect version: 3.1.2
I have a single-instance Splunk Enterprise. I have set up and configured the Splunk Add-on for MySQL but I am not receiving any logs.
Here are the step-by-step actions I have taken:
1. Installed the Splunk DB Connect app and created just a connection to the MySQL database.
2. Installed the Splunk Add-On for MySQL.
3. Set up the Splunk Add-on for MySQL.
4. Configured inputs for the Splunk Add-on for MySQL.
After this I checked
sourcetype=mysql*
OUTPUT: No results found.
I referred to the troubleshooting manual.
According to the troubleshooting manual:
This add-on has 3 logs that are located at $SPLUNK_HOME/var/log/splunk
index=_internal source=*ta_mysql* error
and I am getting errors related to
Errors are:
2018-02-15 18:16:53,979 ERROR pid=28194 tid=MainThread file=rest.py:splunkd_request:44 | Failed to send rest request=https://127.0.0.1:8089/servicesNS/-/-/configs/conf-mysql_db?count=0&offset=0, errcode=unknown, reason=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_mysql/bin/ta_util2/rest.py", line 42, in splunkd_request
    headers=headers, body=data)
  File "/opt/splunk/etc/apps/Splunk_TA_mysql/bin/ta_util2/httplib2/__init__.py", line 1593, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/etc/apps/Splunk_TA_mysql/bin/ta_util2/httplib2/__init__.py", line 1335, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/etc/apps/Splunk_TA_mysql/bin/ta_util2/httplib2/__init__.py", line 1257, in _conn_request
    conn.connect()
  File "/opt/splunk/etc/apps/Splunk_TA_mysql/bin/ta_util2/httplib2/__init__.py", line 1060, in connect
    raise socket.error, msg
error: [Errno 111] Connection refused
Am I missing something?
That error says that an input in the MySQL add-on is trying to use Splunk's REST endpoint and doesn't have permissions. Most likely this is happening when the add-on tries to enable its preconfigured inputs.
index=foo sourcetype=mysql:* will work.
Thanks for a quick reply. I have given all permissions and am also able to index data through the DB Connect app. I did follow all the above steps but still did not get any results. Have you ever configured this add-on? My Splunk environment is simple.
I have a single-instance Splunk Enterprise and one SQL server. What I have done is successfully establish a connection and set up the MySQL add-on, and after that configure the add-on as mentioned in this doc
which enabled data inputs.
[mysql]
disabled = true
interval = 60

[mysql://bin_log]
log_type = bin_log
duration = 10

[mysql://log_from_util]
log_type = util_log
duration = 10
This got created in the MySQL add-on on my Splunk server. Here I am assuming that these inputs are talking to the MySQL server via the connection established by the DB Connect app. Also, I am assuming that I have established a connection and that is why I do not need to install a heavy forwarder on the SQL server and do these steps.
Do I need to install a heavy forwarder on the SQL server and configure the add-on, the DB Connect app and the forwarder?
Also, for slow logs and error logs, do I need to use a heavy forwarder? The docs mention file monitoring.
The add-on has two types of inputs -- preconfigured DB Connect-based inputs, which you have to activate through the add-on's setup, and file monitors, which you have just shown. DB Connect does not have to run locally to the database.
So for file monitoring, do I have to configure a universal forwarder on the SQL server with the add-on?
If no, then how does it fetch the information of slow logs and error logs from the MySQL server? There is no connection between the Splunk instance and the DB except the DB Connect connection, which is solely for DB Connect input.