All Apps and Add-ons

how to use DB CONNECT 2

pop1989
Explorer

I have installed DB CONNECT 2 in splunk ,and completed the configuration of identity and connection ,after choosing a schema and table inputs ,I don't know how to search with db connect ,how to analysis the input table ,can somebody give some advice? thanks

Tags (1)

woodcock
Esteemed Legend

Try this:

 |dbxquery connection=p11_inputs query="SELECT * FROM \"SYS\".\"DBA_LOBS\""

Or better yet, this:

 |dbxquery connection=p11_inputs query="SELECT * FROM SYS.DBA_LOBS"
0 Karma

woodcock
Esteemed Legend

Did you watch the video that goes with it? The video is very step-by-step covering what to do once you get it installed. To get it installed, you need to install the app, install Java and install an appropriate driver for your DB. Then to get data you need to create an Identity (userID & PW) and a connection (IP & port plus an Identity). Click on "Advanced" and you should be able to send ad-hoc DB SQL commands. This is where you can explore your tablespaces, etc. Once you get that working, you access data in 1 of 3 modes depending on how you are using your data. It sounds like you need dbxquery which can be done like this:

| dbxquery connection=MyConnection query="Insert SQL here"

pop1989
Explorer

when I use

|dbxquery connection=p11_inputs  query=SELECT * FROM "SYS"."DBA_LOBS" 

the error occurs ,have you seen it before ,thanks ,woodcock.

Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS" 
07-09-2015 12:03:14.770 INFO  dispatchRunner - initing LicenseMgr in search process: nonPro=1
07-09-2015 12:03:14.805 INFO  dispatchRunner - registering build time modules, count=0
07-09-2015 12:03:14.805 INFO  dispatchRunner - Splunkd starting (build 245427).
07-09-2015 12:03:14.805 INFO  dispatchRunner - System info: AIX, BWPRDCI, 1, 6, 00CF5AAF4C00.
07-09-2015 12:03:14.805 INFO  dispatchRunner - Detected 38 (virtual) CPUs and 88064MB RAM
07-09-2015 12:03:14.805 INFO  dispatchRunner - Maximum number of threads (approximate): 32767
07-09-2015 12:03:14.805 INFO  dispatchRunner - Arguments are: "search" "--id=1436410994.10705" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=0" "--lookups=1" "--reduce_freq=10" "--rf=*"
07-09-2015 12:03:14.805 INFO  dispatchRunner - Getting search configuration data from: /opt/splunk_install/splunk/etc/modules/parsing/config.xml
07-09-2015 12:03:14.858 INFO  BundlesSetup - Setup stats for /opt/splunk_install/splunk/etc: wallclock_elapsed_msec=246, cpu_time_used=0.245348, shared_services_generation=2, shared_services_population=1
07-09-2015 12:03:14.868 INFO  SessionManager - auth tokens will be generated with shpooling shared secret
07-09-2015 12:03:14.869 INFO  UserManager - Setting user context: splunk-system-user
07-09-2015 12:03:14.869 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:14.869 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO  UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO  UserManager - Setting user context: admin
07-09-2015 12:03:14.879 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:14.879 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.972 INFO  dispatchRunner - search context: user="admin", app="splunk_app_db_connect", bs-pathname="/opt/splunk_install/splunk/etc"
07-09-2015 12:03:15.012 INFO  IndexProcessor - Initializing: readonly=true reloading=false
07-09-2015 12:03:15.051 INFO  HotDBManager - idx=_audit Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.055 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.055 INFO  HotDBManager - idx=_blocksignature Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_internal Setting hot mgr params: maxHotSpanSecs=432000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_introspection Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1073741824 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=_thefishbucket Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=524288000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=history Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=10485760 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO  HotDBManager - idx=main Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=10 maxDataSizeBytes=10737418240 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.056 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO  HotDBManager - idx=summary Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
07-09-2015 12:03:15.057 INFO  AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO  IndexProcessor - Initializing indexes took usec=5960 reloading=false indexes_initialized=8
07-09-2015 12:03:15.057 INFO  SearchParser - PARSING: |dbxquery connection=p11_inputs  query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.157 INFO  ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
07-09-2015 12:03:15.197 INFO  UserManager - Setting user context: admin
07-09-2015 12:03:15.198 INFO  UserManager - Free version does not have user services
07-09-2015 12:03:15.198 INFO  UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.234 INFO  script - found script file=/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py
07-09-2015 12:03:15.235 INFO  script - stderr for script dbxquery will be added to search.log
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command.py", line 292, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      self.parser.parse(args, self)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command_internals.py", line 274, in parse
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      raise SyntaxError("Syntax error: %s" % ' '.join(argv))
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  SyntaxError: Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':  Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':    File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/__init__.py", line 226, in dispatch
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"':      command_class().process(argv, input_file, output_file)
0 Karma

pop1989
Explorer

07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command.py", line 341, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': exit(1)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': SystemExit: 1
07-09-2015 12:03:15.672 ERROR script - Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.672 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Setting user context: admin
07-09-2015 12:03:15.794 INFO UserManager - Free version does not have user services
07-09-2015 12:03:15.794 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1436410994.10705', username='admin')
07-09-2015 12:03:15.795 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:16.094 INFO ShutdownHandler - Shutting down splunkd
07-09-2015 12:03:16.094 INFO ShutdownHandler - shutting down level "ShutdownLevel_Begin"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_KVStore"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Thruput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput1"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_UdpInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FifoInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_WinEventLogInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Scheduler"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Tailing"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_SyslogOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_HTTPOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TailingXP"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_BatchReader"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_PeerManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_ArchiveAndOneshot"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailQueueServiceThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeMonitor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeManagerProcessor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClientPollingThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AsyncQueuedMessageDispatcherThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_OfflineFlusher"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Slave"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_SlaveSearch"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Select"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_IdataDO_Collector"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Database1"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput2"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_MetricsManager"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Pipeline"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Queue"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Exec"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_CallbackRunner"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClient"
07-09-2015 12:03:16.096 INFO ShutdownHandler - Shutdown complete in 1636 microseconds
07-09-2015 12:03:16.101 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...