I currently have a connection set up from my Splunk search head(SH) in DB Connect to an external database where I'm trying to export the results of a Splunk search. The search works correctlyd. I have both read and write permissions to the relevant database and the target tables, my fields are mapped correctly, and I'm not seeing any errors in my internal db logs. The issue is, however, that despite everything appearing to work on the surface, I'm not seeing any data appear in the DB table as expected.
The data source for the search is indexed via an Http Event Collector connection. The goal is to take this indexed data, perform some aggregate calculations, and then export the result to another Database. I am able to access this index through my SH, but not through my Heavy Forwarder(HF). How can I get this data exported to this database? If it's not possible directly from the SH, then is there a way for me to first send the data to the HF and then establish a DB Connect connection from there?
Any and all help would be much appreciated!
... View more