
DB Connect V2: How to create a lookup for an Oracle DB that contains 33 million entries?

tpaulsen
Contributor

Hi,

When we try to create a dblookup, based upon DB Connect v2, out of a table view from an Oracle DB with 33 million entries, we always get the following error message after we execute a Splunk query that uses the lookup:

09-14-2016 14:59:05.855 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxlookup.py bic_testlookup':  Traceback (most recent call last):
09-14-2016 14:59:05.855 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxlookup.py bic_testlookup':    File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxlookup.py", line 114, in <module>
09-14-2016 14:59:05.855 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxlookup.py bic_testlookup':      raise ex
09-14-2016 14:59:05.855 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxlookup.py bic_testlookup':  RuntimeError: maximum recursion depth exceeded
09-14-2016 14:59:05.867 ERROR LookupOperator - Script for lookup table 'db_connect_bic_testlookup' returned error code 1.  Results may be incorrect.

With DB Connect v1 our lookup definition with the exact same database worked perfectly fine. What has been changed in v2 and how can we fix it to make it work again?
Thank you in advance.

jcoates_splunk
Splunk Employee

Without the query, it is impossible to state what might be wrong. However, when you go from v1 to v2.1+ and things stop working, this is usually a good guess: http://docs.splunk.com/Documentation/DBX/2.3.0/DeployDBX/Troubleshooting#Database_inputs_or_lookups_...

0 Karma

tpaulsen
Contributor

I filed a case.

Here is the info as well:

Steps to reproduce:
1.) Create an Oracle database with a simple schema, six or seven field rows, but 33 million entries.

2.) Set up DBConnect v2 to access the database.

3.) Create a DB Lookup/Mapping based upon the database.

4.) Do a simple search that uses the lookup.

Example setup:

SQL statement out of the inputs.conf:
SELECT * FROM "DATA_HHDEV"."DATA_HHDEV"

transforms.conf:
[data_hhdev]
external_cmd = dblookup.py data_hhdev
fields_list = C_ID,CL_ID,FOOID,AA_ID,SOURCE_ID,ID

savedsearch.conf (contains the scheduled search that uses the dblookup):
search = index=myindex Id="*" foostring | lookup data_hhdev ID as Id OUTPUT SOURCE_ID as scid FOOID as FOOID | collect index=summary testmode=0 marker="type=\"foo_type\""

0 Karma

tpaulsen
Contributor

Additional info: I switched off the query wrapping in the db_connections.conf, but no difference.

When I use "|lookup local=1 data_....." it is working.

When I look at the explanation for this switch, it does make sense:

Syntax: local=<bool>
Description: If local=true, forces the lookup to run on the search head and not on any remote peers.
Default: false

Since I don't have dbconnect anywhere else, local=1 must be set when I want to use dbconnect for lookups. I have to test this further.

0 Karma