Solved: dbConnect 3.1.1 and Splunk Enterprise 7.0.1 - SQL ...

aef0429ca · ‎01-06-2018

I am running Splunk 7.0.0 with dbConnect 3.1.1 for access to a MySQL database. A few days ago I was able to retrieve data from the database with the SQL Explorer, but after coming back the following day, the SQL Explorer is now returning the following error

"Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log."

The search log shows as follows.

01-06-2018 18:45:07.464 INFO ChunkedExternProcessor - Running process: /opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/command.sh -Dlogback.configurationFile=../config/command_logback.xml -DDBX_COMMAND_LOG_LEVEL=DEBUG -cp ../jars/command.jar com.splunk.dbx.command.DbxQueryCommand
01-06-2018 18:45:07.466 ERROR ChunkedExternProcessor - Failure starting process
01-06-2018 18:45:07.466 ERROR ChunkedExternProcessor - Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.

I have searched through this forum and the solution suggested is just to downgrade dbConnect to previous version. Doesn´t seem like a "solution" to me. From the dbConnect page, 7.0 is said to be compatible. Have also noted another user running 7.0 with 3.1.1 on 6 out of 7 servers, so clearly seems that it should be possible to make this work.

Anyone having any ideas at all? Is this product perhaps not ready for prime?

dvergnes_splunk · ‎01-09-2018

Hi,

Did the user set a time zone in his settings? If so please select the default one it should fix the issue. We are still investigating on this issue. Sorry for the inconvenience.

View solution in original post

dvergnes_splunk · ‎01-09-2018

Hi,

Did the user set a time zone in his settings? If so please select the default one it should fix the issue. We are still investigating on this issue. Sorry for the inconvenience.

dfloresc · ‎09-19-2018

Thank you. I had the same issue with the SQL queries and after i changed the time zone to default and it could be executed!

aef0429ca · ‎01-09-2018

Yesss. This was indeed the issue. Connection time (Brazil East) zone and administrator (CET) time zone were not the same. Once synced synced, functionality was back. Many thanks!

nikita_p · ‎01-09-2018

Hi @aef0429ca,
Did you check answer in below splunkanswers? It might help you.
https://answers.splunk.com/answers/588233/splunk-db-connect-dbxquery-failure-failure-startin.html

aef0429ca · ‎01-09-2018

Hmm.. doesn´t look like a solution to me. Will downgrade dbconnect and try. Not really happy about that but I am not presented with any other option.

p_gurav · ‎01-09-2018

Hi aef0429ca,

can you tell which version connector/ JDBC driver are you using?

aef0429ca · ‎01-09-2018

Hello, first we just switched to using jdk1.8.0_151 instead of the JRE, but results are the same. In terms of the DB connector, we use version 5.1.

Amazing part is that the connection I actually managed to set up last week still works and indexing of the input is happening. However, even opening this "input" up and trying to run the actual query, it also fails, while it is still performing correct indexing.

p_gurav · ‎01-09-2018

HI,

Can you verify the driver setup with document:

http://docs.splunk.com/Documentation/DBX/3.1.1/DeployDBX/Installdatabasedrivers

Could you also tell me which OS you are using?

aef0429ca · ‎01-09-2018

Confirming the use of mysql-connector-java-5.1.45-bin.jar
OS is Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1044-aws x86_64)

dbConnect 3.1.1 and Splunk Enterprise 7.0.1 - SQL Explorer - Error in 'dbxquery' command

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms