- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- DBConnect 3 : not getting data writen into splunk ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Guys,
I'm new to Dbconnect but i have this urgent problem.
from the application, i created an input (mode=rising) based on a rising column timestamp created in oracle DB.
query:
**SELECT DISTINCT * FROM "DB"."TABLE"
WHERE TIME > ?
ORDER BY TIME ASC*
The execution of the query in rising mode is successful !! but then NO DATA created in splunk!
i tracked down the error:
2019-04-23 11:43:01.645 +0100 INFO c.s.dbx.server.task.listeners.JobMetricsListener - action=collect_job_metrics connection=DB jdbc_url=null db_read_time=4 hec_record_process_time=350 format_hec_success_count=1000 status=FAILED input_name=test2 batch_size=1000 error_threshold=N/A is_jmx_monitoring=false start_time=2019-04-23_11:43:00 end_time=2019-04-23_11:43:01 duration=1643 read_count=1000 write_count=0 filtered_count=0 error_count=0
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the solution !
after watching logs (tail - 50) from $SPLUNK_HOME/var/log/splunk/splunk_app_db_connect_server.log, i realised that the problem was in the JVM command option! the error was :
HTTP Error 400, HEC response body: {"text":"Error in handling indexed fields","code":15,"invalid-event-number":0}
==>Solution :
Http Event Collector expects to receive dates in format: timestamp.microsecondes
Splunk DB connect transforms dates in this format via Java. If the default locale takes the comma as the decimal separator, the problems start ...
To solve this problem :
In Splunk DB Connect > Configuration> Settings> General, add the option in JVM Options:
*-Duser.language=en*
Save, java server restarts.
I've got help from this question
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the solution !
after watching logs (tail - 50) from $SPLUNK_HOME/var/log/splunk/splunk_app_db_connect_server.log, i realised that the problem was in the JVM command option! the error was :
HTTP Error 400, HEC response body: {"text":"Error in handling indexed fields","code":15,"invalid-event-number":0}
==>Solution :
Http Event Collector expects to receive dates in format: timestamp.microsecondes
Splunk DB connect transforms dates in this format via Java. If the default locale takes the comma as the decimal separator, the problems start ...
To solve this problem :
In Splunk DB Connect > Configuration> Settings> General, add the option in JVM Options:
*-Duser.language=en*
Save, java server restarts.
I've got help from this question
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Is HEC running on the heavy forwarder and did you make a token for dbconnect?
You could try Debug HTTP Event Collector port issues in the troubleshooting page:
https://docs.splunk.com/Documentation/DBX/3.1.4/DeployDBX/Troubleshooting
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The token is created by the app as db-connect-http-input
the port unchanged by default 8080, ssl is enabled
it's not a distributed environment, it's a full (all-in) instance.
i checked index=_internal 8088 for errors but in vain.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
