Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 1.1.6: Why are MS SQL dbquery results sent to an index using a database input not parsing all fields correctly?

aervillar
New Member
‎04-16-2015 03:52 PM

I am using Splunk DB Connect 1.1.6 to connect to a SQL database. The dbquery using select * from databasename works fine and I can see all fields with the correct values.

My next step is to create a data input using a database input. Everything looks to work fine, but I realize the parsing is not correct. Splunk is not bringing in all the fields.... I am now sending the data to a lookup table, and then from that table, indexing, but I am curious why and how I can fix this issue.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-09-2015 04:17 PM

I don't understand why you would do that instead of using a regular database input? dbquery into a collect introduces a bunch of needless complexity around timestamp detection that could be root of your problem.

0 Karma
Reply

avillarworldban
New Member
‎05-10-2015 06:11 AM

Maybe I was not clear, I am using dbconnect but the parsing on SQL dbs does not work as expected when sending the data to a index. I need historical data so I have to send somewhere. Indexing does not work so I have to send to a lookup first and then from the lookup to the index it works fine. Connection to oracle are OK and I can collect data daily with dbconnect and send directly to the index. Maybe dbconnect 2 fixed this issue.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-10-2015 08:46 AM

DB Connect 2 is easier to use, but it's impossible to tell what your issue is without looking at data and SQL statements. You're probably better off opening a support case than posting on a forum.

0 Karma
Reply

avillarworldban
New Member
‎05-09-2015 04:52 PM

I don't know other way to connect to a database. This was recommended by a Splunk engineer to download the apps and the use it to connect. Any link to your suggestion would help me. Thanks

0 Karma
Reply

ppablo
Retired
‎04-16-2015 04:18 PM

Hi @aervillar

Are you using DB Connect 1 or DB Connect 2?

0 Karma
Reply

aervillar
New Member
‎04-16-2015 05:07 PM

I gues version 1.1.6 (from about link)

0 Karma
Reply

ppablo
Retired
‎04-16-2015 05:11 PM

Thanks for getting back. I was editing your post to improve visibility of your issue, but needed to know the correct version to tag the official app appropriately.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...