All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect: How to troubleshoot why I'm not getting any of my MS SQL data in Splunk?

markvanrooyen
New Member
‎12-07-2015 06:11 AM

I'm pretty new to Splunk so am configuring this with the help of the guides. I have configured the Splunk DB Connect 2 app to query a table in my MS SQL server.

Everything shows a valid connection when configuring the data input and the query returns data for me to configure it with. I have a rising column set and when checking the rpc.log, I can see the query running. In here, the query says 

RisingColumnName > ? ORDER BY RisingColumnName ASC

of course replacing RisingColumnName with the actual column - I'm not sure if the ? is just something to do with Splunk or if this should in fact be the ID for the rising column?

Not sure what to look at now. I just can't get any of my data from SQL into SplunK!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2015 09:53 AM

The question mark is where the last-seen value of RisingColumnName is inserted by DB Connect when submitting the query. You must enclose the WHERE clause (or a subset of it) in double braces "{{}}" for it to work. Check dbx.log for errors.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...