- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Splunk DB Connect: Why did my dbmon-tail input...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk DB Connect: Why did my dbmon-tail input to fetch data from a SQL query stop tailing data after 1 day?
Hi,
I have setup a dbmon-tail to fetch data from a SQL query every 15 minutes. It works as expected for a day until night, and suddenly the next day it stops tailing data.
Select * from ArcUnion {{WHERE $rising_column$ > ?}}
In the interval I have set as 15m.
Can you please tell me what's the issue here?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you also tried to change the interval to cron expression ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does your dbx.log report anything related to an error? You may want to check that log instead of splunkd.log to start the troubleshoot process.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the "Rising Column" Timegenerated, is it like (or is) Unix Epoch, ever increasing or it is time of day, resetting to a lower value nightly ? Remember the query is looking for records where the value of Timegenerated is > (greater than) any value seen before.
Just checking the simple things
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Rickamva,
Thanks for the response.
Timegenerated coloumn is ever increasing value, its a unix timestamp field which keeps on changing at any point of time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try to use the full jdk installation from Oracle.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what do you meany by that ? you want me upgrade the DBX app ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you please paste your inputs.conf and did you check your splunkd.log for errors?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ,
Below is my inputs.conf...
[dbmon-tail://Essmon_wnpcpdbeso01/ESO_DB_wnpcpdbeso01]
host = wnpcpdbeso01
index = eso
interval = 15m
output.format = mkv
output.timestamp = 1
output.timestamp.column = Timegenerated
query = Select * from ArcUnion {{WHERE $rising_column$ > ?}}
table = ESO_DB_wtpcpdbeso04
tail.rising.column = Timegenerated
disabled = 0
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
