All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

[Splunk 7.0.x + Db connect 3.1.2-] Why are some users encountering this error and unable to run dbxquery or use the dbx app?

sylim_splunk
Splunk Employee
Splunk Employee
‎02-05-2018 09:35 AM

alt textSplunk Enterprise Version 7.0 installed and Splunk DB Connect 3.1.0.19 installed. Same LDAP for the whole group. Some people can't access the X Query. will attach a screenshot. Error in DB XQuery command invalid in search command during setup

Tags (2)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎02-05-2018 09:47 AM

If you find error messages from the SID, like below in search.log, then you are hitting a known issue which can be worked around by

i) timezone reset to default ( Web UI > userName > settings ) OR
ii) Add shebang to command.sh - i.e below is for db connect running on linux system.
vi splunk_app_db_connect/linux_x86_64/bin/command.sh

#!/bin/bash <--- Add this to the 1st line of the file.

Error messages in search.log
10-02-2017 17:21:42.843 INFO ChunkedExternProcessor - Running process: /opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/command.sh -Dlogback.configurationFile=../config/command_logback.xml -DDBX_COMMAND_LOG_LEVEL=ERROR -cp ../jars/command.jar com.splunk.dbx.command.DbxQueryCommand
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Failure starting process
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.

If none of above are working then please open a support case with a diag which has dispatch directory of the SID for further investigation.

View solution in original post

Reply
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎02-05-2018 09:47 AM

If you find error messages from the SID, like below in search.log, then you are hitting a known issue which can be worked around by

i) timezone reset to default ( Web UI > userName > settings ) OR
ii) Add shebang to command.sh - i.e below is for db connect running on linux system.
vi splunk_app_db_connect/linux_x86_64/bin/command.sh

#!/bin/bash <--- Add this to the 1st line of the file.

Error messages in search.log
10-02-2017 17:21:42.843 INFO ChunkedExternProcessor - Running process: /opt/splunk/etc/apps/splunk_app_db_connect/linux_x86_64/bin/command.sh -Dlogback.configurationFile=../config/command_logback.xml -DDBX_COMMAND_LOG_LEVEL=ERROR -cp ../jars/command.jar com.splunk.dbx.command.DbxQueryCommand
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Failure starting process
10-02-2017 17:21:42.844 ERROR ChunkedExternProcessor - Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.

If none of above are working then please open a support case with a diag which has dispatch directory of the SID for further investigation.

Reply
Solved! Jump to solution

sylim_splunk
Splunk Employee
Splunk Employee
‎03-27-2018 10:18 AM

The fix is now available in Splunk DB Connect 3.1.3

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...