Splunk DB Connect: Why did my dbmon-tail input to ...

xbbj3nj · ‎03-20-2015

Hi,

I have setup a dbmon-tail to fetch data from a SQL query every 15 minutes. It works as expected for a day until night, and suddenly the next day it stops tailing data.

Select * from ArcUnion {{WHERE $rising_column$ > ?}}

In the interval I have set as 15m.

Can you please tell me what's the issue here?

karabsze · ‎03-26-2015

Have you also tried to change the interval to cron expression ?

vincenteous · ‎03-26-2015

Does your dbx.log report anything related to an error? You may want to check that log instead of splunkd.log to start the troubleshoot process.

rickalmva · ‎03-23-2015

the "Rising Column" Timegenerated, is it like (or is) Unix Epoch, ever increasing or it is time of day, resetting to a lower value nightly ? Remember the query is looking for records where the value of Timegenerated is > (greater than) any value seen before.

Just checking the simple things

xbbj3nj · ‎03-24-2015

Rickamva,
Thanks for the response.
Timegenerated coloumn is ever increasing value, its a unix timestamp field which keeps on changing at any point of time.

mzorzi · ‎03-20-2015

try to use the full jdk installation from Oracle.

xbbj3nj · ‎03-20-2015

what do you meany by that ? you want me upgrade the DBX app ?

PPape · ‎03-20-2015

Could you please paste your inputs.conf and did you check your splunkd.log for errors?

xbbj3nj · ‎03-20-2015

Hi ,

Below is my inputs.conf...

[dbmon-tail://Essmon_wnpcpdbeso01/ESO_DB_wnpcpdbeso01]
host = wnpcpdbeso01
index = eso
interval = 15m
output.format = mkv
output.timestamp = 1
output.timestamp.column = Timegenerated
query = Select * from ArcUnion {{WHERE $rising_column$ > ?}}
table = ESO_DB_wtpcpdbeso04
tail.rising.column = Timegenerated
disabled = 0

Splunk DB Connect: Why did my dbmon-tail input to fetch data from a SQL query stop tailing data after 1 day?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes