Splunk not indexing data after configuring Splunk ...

spoorthyredi · ‎08-04-2014

All,

We configured splunk to index data from a Oracle DataBase using Splunk DB Connect App .
Our database tables and data are very simple , and we are using free version of splunk .

Below are our observations :
Data Base Input configuration :

[InputType : Tail **

Rising Column : number type

Sourcetype : dbmon:kv

Splunk Index : default

Output format : Key-Value ]

When index interval was set to AUTO , splunk indexed the data (very few new rows )at a random speed . i.e, after few hours or sometimes even after a day .
When index interval is set to 60 sec - First , 10 new rows were indexed in 30 minutes .Then , for once , data (with 50 new rows ) was indexed exactly in 60 sec . After adding 150-200 new rows , indexing din't happen at all .
Now we set the interval to 2 sec and inserted just 3 new rows . No indexing happened .

We suspect it is because of the load on splunk server . Could anyone please tell whats the problem here .
Appreciate any advise on how to make splunk index database data quickly .

Please help !!

okrabbe_splunk · ‎08-04-2014

Have you had a chance to look at the splunkd logs? You will see errors with dbconnect there. You can search them by search "index=_internal splunkd"

sroback_splunk · ‎08-04-2014

Hi. DB Connect is not supported on the free version of Splunk. See http://docs.splunk.com/Documentation/DBX/1.1.4/DeployDBX/Deploymentrequirements#Supported_Splunk_ver...

You might want to upgrade to a licensed version of Splunk Enterprise or contact Splunk support (suppport@splunk.com) to evaluate your options.

okrabbe_splunk · ‎08-04-2014

They are probalby using an enterprise trial to evaluate the product.

Splunk not indexing data after configuring Splunk DB Connect app

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes