Splunk DB Connect Inputs not working. What do I sp...

vivianlok · ‎10-02-2017

I connected a database through configuration. When I try to add input source and sourcetype, I do not get any results. I even tried creating my own sourcetype.

Here is what the documentation specified:

Source: Optional. The input name will be used if you leave it blank.
Source type: Enter a sourcetype field value for Splunk Enterprise to assign to queried data as it is indexed. Click the field and enter a value, or choose an existing value from the menu that appears.

Kirantcs · ‎04-14-2018

Hi it is always best practice to provide sourcetype

Souretype=provide some value through which you can recognize different datas.

source=not necessary,if blank dbconnect takes the input name

host=Can provide your instance name(source of data database name)

darrenfuller · ‎10-02-2017

In dbx, both source and sourcetype are free text fields which will accept pretty much any value. Along with index, they give a three pronged pointer to find dbx sourced data.

In search, if you can't find your data using
index= source= sourcetype=

Then try:

index=_internal sourcetype=dbx*

And see what kind of errors are being raised by your input.

Splunk DB Connect Inputs not working. What do I specify for source and sourcetype?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor