Re: All DB rows get input as one event

swathis · ‎01-14-2013

Hi,
I am getting below error when I add data using data inputs from MYSQL to splunk server using DB Connect.In moniter type I choose Dump.Data gets added but all the rows gets added as one event.
Here is the error at dbx.log
INFO:DumpDatabaseMonitor - Executing database monitor
ERROR:DumpDatabaseMonitor - DBMon Error while executing monitor= com.splunk.dbx.monitor.DbmonException: Cancelling subsequent run of oneshot dump monitor.
Please advise as how i can solve the issue.

swathis · ‎01-16-2013

I hadn't checked output timestamp once I checked on it...I am getting it correctly.Thanks a ton..

ziegfried · ‎01-15-2013

Results from DB Connect being merged into a single event can be solved by

Creating a custom sourcetype with specific line breaking/merging rules to create individual events for every line
Enabling the database input to output timestamps (ie. just checking the box "Output timestamp")

The error message you're experiencing is actually intended behavior. And as of version 1.0.7 it's not logged anymore. The behavior for a database input of type "dump" without a specific schedule it to index results once and then cancel any subsequent execution.

swathis · ‎01-16-2013

Thanks DAN by checking the output timestamp solved the issue.Can you please explain more on how to create custom source type.I usually leave Sourcetype index and host field value empty.Thanks in advance..

Dan · ‎01-15-2013

Have you requested to output the timestamp?

All DB rows get input as one event

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases