All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DB Connect 2 with MySQL: Why am I unable to set up the timestamp field in the GUI and getting timeout errors for my dbinput?

kuklein
Engager
‎04-17-2015 06:45 AM

Hi there,

I ran into some Issues with DB Connect 2 DB-Input on Splunk 6.1 and MySQL:
1. I've tried several ways to get a timestamp field setup in the GUI:
- normal datetime fields seem to be misinterpreted to wrong dates
- if I try a characterfield, the Javadate format does not allow a format like "yyyy-MM-dd HH:mm:ss"
- if i try a conversion inside the query with unix_time; I get an Error about bigint not supported as timestamp
2. Where clauses are not possible through GUI if you're working in tail mode
3. Through the Limitations in 2 I have a fairly complex view setup where the query takes around 5 minutes on my systems. I've enabled the Debug Logging for dbx2.log and found the following Statements showing some kind of timeout for the dbinput service, but also stating that the query could take up to an hour:

/04/17/2015 14:59:14 [CRITICAL] [ws.py] [DBInput Service] timed out

[DEBUG] [mi_input.py] The execution time is 327.349689 seconds for this dbinput [mi_input://otrs-ticket-view-3] and its maximum query timeout setting is 3600 seconds

Any Ideas?

Thx in advance

Kai

0 Karma
Reply

bchoi_splunk
Splunk Employee
Splunk Employee
‎04-27-2015 12:24 PM

Hi Kai,

We are aware of this problem and the patch for this problem is tentatively slated for 2.0.2. In the mean time you can get this to work by making a small modification in /bin/mi_base.py.

Line 117: should_execute = self.clustering_precheck()

replace this line with should_execute = True

Please do this only when you run dbx on a forwarder. This workaround has not been extensively tested either. This workaround should be used at your own risk.

0 Karma
Reply

kuklein
Engager
‎04-27-2015 11:06 PM

Thx so far, will test it later this week.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...