We want to protect our underlying database against dangerous operations, but also want to retain the flexibility of allowing the use of dbquery
.
We've implemented a query killer on the database side, but it looks like the java bridge swallows up that error and doesn't expose it except in logs, which means a select * from table
shows up as completed, with no errors, but only containing some of the rows in the table... seems like a dangerous non-error.
Is there any way we can time out a dbquery operation from the Splunk side?
Not today, but we'll work on something for a future release.