I have installed DB CONNECT 2 in splunk ,and completed the configuration of identity and connection ,after choosing a schema and table inputs ,I don't know how to search with db connect ,how to analysis the input table ,can somebody give some advice? thanks
Try this:
|dbxquery connection=p11_inputs query="SELECT * FROM \"SYS\".\"DBA_LOBS\""
Or better yet, this:
|dbxquery connection=p11_inputs query="SELECT * FROM SYS.DBA_LOBS"
Did you watch the video that goes with it? The video is very step-by-step covering what to do once you get it installed. To get it installed, you need to install the app, install Java and install an appropriate driver for your DB. Then to get data you need to create an Identity (userID & PW) and a connection (IP & port plus an Identity). Click on "Advanced" and you should be able to send ad-hoc DB SQL commands. This is where you can explore your tablespaces, etc. Once you get that working, you access data in 1 of 3 modes depending on how you are using your data. It sounds like you need dbxquery
which can be done like this:
| dbxquery connection=MyConnection query="Insert SQL here"
when I use
|dbxquery connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
the error occurs ,have you seen it before ,thanks ,woodcock.
Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:14.770 INFO dispatchRunner - initing LicenseMgr in search process: nonPro=1
07-09-2015 12:03:14.805 INFO dispatchRunner - registering build time modules, count=0
07-09-2015 12:03:14.805 INFO dispatchRunner - Splunkd starting (build 245427).
07-09-2015 12:03:14.805 INFO dispatchRunner - System info: AIX, BWPRDCI, 1, 6, 00CF5AAF4C00.
07-09-2015 12:03:14.805 INFO dispatchRunner - Detected 38 (virtual) CPUs and 88064MB RAM
07-09-2015 12:03:14.805 INFO dispatchRunner - Maximum number of threads (approximate): 32767
07-09-2015 12:03:14.805 INFO dispatchRunner - Arguments are: "search" "--id=1436410994.10705" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=0" "--lookups=1" "--reduce_freq=10" "--rf=*"
07-09-2015 12:03:14.805 INFO dispatchRunner - Getting search configuration data from: /opt/splunk_install/splunk/etc/modules/parsing/config.xml
07-09-2015 12:03:14.858 INFO BundlesSetup - Setup stats for /opt/splunk_install/splunk/etc: wallclock_elapsed_msec=246, cpu_time_used=0.245348, shared_services_generation=2, shared_services_population=1
07-09-2015 12:03:14.868 INFO SessionManager - auth tokens will be generated with shpooling shared secret
07-09-2015 12:03:14.869 INFO UserManager - Setting user context: splunk-system-user
07-09-2015 12:03:14.869 INFO UserManager - Free version does not have user services
07-09-2015 12:03:14.869 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:14.879 INFO UserManager - Setting user context: admin
07-09-2015 12:03:14.879 INFO UserManager - Free version does not have user services
07-09-2015 12:03:14.879 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:14.972 INFO dispatchRunner - search context: user="admin", app="splunk_app_db_connect", bs-pathname="/opt/splunk_install/splunk/etc"
07-09-2015 12:03:15.012 INFO IndexProcessor - Initializing: readonly=true reloading=false
07-09-2015 12:03:15.051 INFO HotDBManager - idx=_audit Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.055 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.055 INFO HotDBManager - idx=_blocksignature Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO HotDBManager - idx=_internal Setting hot mgr params: maxHotSpanSecs=432000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1048576000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO HotDBManager - idx=_introspection Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=1073741824 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO HotDBManager - idx=_thefishbucket Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=524288000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO HotDBManager - idx=history Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=10485760 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.056 INFO HotDBManager - idx=main Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=10 maxDataSizeBytes=10737418240 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.056 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO HotDBManager - idx=summary Setting hot mgr params: maxHotSpanSecs=7776000 snapBucketTimespans=false maxHotBuckets=3 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000
07-09-2015 12:03:15.057 INFO AuditTrailManager - audit stanza does not exist in audit.conf - no signing will take place
07-09-2015 12:03:15.057 INFO IndexProcessor - Initializing indexes took usec=5960 reloading=false indexes_initialized=8
07-09-2015 12:03:15.057 INFO SearchParser - PARSING: |dbxquery connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.157 INFO ISplunkDispatch - Not running in splunkd. Bundle replication not triggered.
07-09-2015 12:03:15.197 INFO UserManager - Setting user context: admin
07-09-2015 12:03:15.198 INFO UserManager - Free version does not have user services
07-09-2015 12:03:15.198 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.234 INFO script - found script file=/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py
07-09-2015 12:03:15.235 INFO script - stderr for script dbxquery will be added to search.log
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command.py", line 292, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': self.parser.parse(args, self)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command_internals.py", line 274, in parse
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': raise SyntaxError("Syntax error: %s" % ' '.join(argv))
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': SyntaxError: Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': Traceback (most recent call last):
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/__init__.py", line 226, in dispatch
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py __GETINFO__ connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': command_class().process(argv, input_file, output_file)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': File "/opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/splunk_sdk-1.2.3-py2.7.egg/splunklib/searchcommands/search_command.py", line 341, in process
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': exit(1)
07-09-2015 12:03:15.648 ERROR ScriptRunner - stderr from '/opt/splunk_install/splunk/bin/python /opt/splunk_install/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py GETINFO connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"': SystemExit: 1
07-09-2015 12:03:15.672 ERROR script - Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"
07-09-2015 12:03:15.672 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Setting user context: admin
07-09-2015 12:03:15.794 INFO UserManager - Free version does not have user services
07-09-2015 12:03:15.794 INFO UserManager - Done setting user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:15.794 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1436410994.10705', username='admin')
07-09-2015 12:03:15.795 INFO UserManager - Unwound user context: NULL -> NULL
07-09-2015 12:03:16.094 INFO ShutdownHandler - Shutting down splunkd
07-09-2015 12:03:16.094 INFO ShutdownHandler - shutting down level "ShutdownLevel_Begin"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_KVStore"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Thruput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput1"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_UdpInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FifoInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_WinEventLogInput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Scheduler"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Tailing"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_SyslogOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_HTTPOutput"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_TailingXP"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_BatchReader"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_PeerManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_ArchiveAndOneshot"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailManager"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AuditTrailQueueServiceThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeMonitor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_FSChangeManagerProcessor"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClientPollingThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_AsyncQueuedMessageDispatcherThread"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_OfflineFlusher"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_Slave"
07-09-2015 12:03:16.095 INFO ShutdownHandler - shutting down level "ShutdownLevel_SlaveSearch"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Select"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_IdataDO_Collector"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Database1"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_TcpInput2"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_LoadLDAPUsers"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_MetricsManager"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Pipeline"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Queue"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_Exec"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_CallbackRunner"
07-09-2015 12:03:16.096 INFO ShutdownHandler - shutting down level "ShutdownLevel_HttpClient"
07-09-2015 12:03:16.096 INFO ShutdownHandler - Shutdown complete in 1636 microseconds
07-09-2015 12:03:16.101 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'dbxquery' command: command="dbxquery", Syntax error: connection=p11_inputs query=SELECT * FROM "SYS"."DBA_LOBS"