How do I configure DB Connect Outputs to send data...

vxb4892 · ‎12-31-2018

I currently have a connection set up from my Splunk search head(SH) in DB Connect to an external database where I'm trying to export the results of a Splunk search. The search works correctlyd. I have both read and write permissions to the relevant database and the target tables, my fields are mapped correctly, and I'm not seeing any errors in my internal db logs. The issue is, however, that despite everything appearing to work on the surface, I'm not seeing any data appear in the DB table as expected.

The data source for the search is indexed via an Http Event Collector connection. The goal is to take this indexed data, perform some aggregate calculations, and then export the result to another Database. I am able to access this index through my SH, but not through my Heavy Forwarder(HF). How can I get this data exported to this database? If it's not possible directly from the SH, then is there a way for me to first send the data to the HF and then establish a DB Connect connection from there?

Any and all help would be much appreciated!

scc00 · ‎01-14-2019

How is it configured currently within the SH? Do you have DBConnect installed there? How have you set it up to be forwarded?

woodcock · ‎01-09-2019

What version of dbconnect are you using? What is your search SPL (or at least the last 2 pipes of it)?

richgalloway · ‎01-10-2019

Have you looked at the search log (via Job Inspector) to see what errors, if any, are reported?

---
If this reply helps you, Karma would be appreciated.

How do I configure DB Connect Outputs to send data from a search head?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!