All Apps and Add-ons

DB connect - rising column trouble

cguimezanes
Explorer

Hello,

I'm using a dbmon-tail to index a table of my database.
My rising column is a modification date (SQL Server DateTIme). My SQL request is a simple select with a {{WHERE $rising_column$ > ?}}.

In my table I have a primary key nammed "ID", a field "status" and my modification date nammed "updated_date". I have an other field "filename" not indexed by Splunk.

Sometimes in my results I have a duplication of the result for exemple:
Note: Every records start with a status "STEP_1"

In the database i have:
ID STATUS UPDATED_DATE
1 STEP_1 2015/03/22
2 STEP_2 2015/03/23

In splunk I have:
ID STATUS UPDATED_DATE
1 STEP_1 2015/03/22
2 STEP_1 2015/03/22 ==> Result not upated
2 STEP_2 2015/03/23 ==> But duplicated

Do you how splunk dbmon-tail does not update the record instead of duplicate the record?

Thks!

0 Karma
1 Solution

vganjare
Builder

Hi,

Splunk DBConnect app writes the records into splunk index. Once the record is written into splunk index, there is no way to change that record. If there are any modifications in the DB records, and if the rising column is configured for "updated_time" column, then DBConnect will look for all the records which are added/updated after last DB fetch. The updated records will get picked up and will be indexed in splunk.

By using dedup command, duplicate records can be filtered out.

Thanks!

View solution in original post

0 Karma

vganjare
Builder

Hi,

Splunk DBConnect app writes the records into splunk index. Once the record is written into splunk index, there is no way to change that record. If there are any modifications in the DB records, and if the rising column is configured for "updated_time" column, then DBConnect will look for all the records which are added/updated after last DB fetch. The updated records will get picked up and will be indexed in splunk.

By using dedup command, duplicate records can be filtered out.

Thanks!

0 Karma

cguimezanes
Explorer

Dedup works well. Thks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...