db_inputs.conf.spec
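# db_inputs.conf.spec: settings accepted in a database input stanza.
# Layout: each setting is followed by its comment lines. The first comment
# line says whether the setting is required; the rest describe it.
# Every comment sits on its own line so that no setting is swallowed by a
# preceding "#".

[<name>]

description = <value>
# optional
# Description for this input

interval = <value>
# required
# Interval at which data is fetched from the DB and indexed in Splunk.
# It can be a number of seconds or a cron expression.

index = <value>
# optional
# Index in which the imported events are stored.
# If not specified, the default index is used.
# NOTE(review): choose an index whose read access matches the sensitivity
# of the database rows being imported.

source = <value>
# optional
# Source associated with the indexed events.
# By default, the stanza name is used.

sourcetype = <value>
# required
# Source type associated with the indexed events.

host = <value>
# optional
# Host associated with the indexed events.

mode = (batch|advanced)
# required
# Operational mode: batch or advanced.

connection = <value>
# required
# Indicates the database connection to work on.
# NOTE(review): the query runs with whatever database privileges the
# referenced connection has (defined outside this file). A read-only account
# limited to the tables this input needs keeps the exposure small.

query = <value>
# required
# SQL statement used to retrieve data from the remote database connection.
# NOTE(review): anyone who can edit this stanza can run SQL through the
# connection, so restrict write access to this file accordingly. Naming the
# columns explicitly avoids indexing sensitive fields by accident.

query_timeout = <int>
# optional
# Maximum execution time of a SQL statement. The default is 30 seconds.

max_rows = <int>
# optional
# Maximum number of rows to retrieve. The default is all (unlimited).
# NOTE(review): with the unlimited default, one run can pull an entire table;
# consider setting an explicit bound.

fetch_size = <int>
# optional
# The number of rows to return at a time from the database. The default is 300.

batch_upload_size = <int>
# optional
# Number of rows to be uploaded to HEC in one batch. Default is 1000.

tail_rising_column_name = <value>
# optional if batch mode
# In tail mode, the rising column is the column whose value always rises; it
# serves as the checkpoint for tail loading.
# NOTE(review): "tail mode" is not one of the listed mode values
# (batch|advanced); the example on this page sets this key together with
# mode = advanced. Confirm the mapping.

tail_rising_column_fullname = <value>
# optional if batch mode
# Full name of the input tail rising column. Currently this value is used by
# the front end only.

tail_rising_column_number = <int>
# optional if batch mode
# In tail mode, the position of the rising column in the loaded data.

input_timestamp_column_name = <value>
# optional
# Name of the input timestamp column; the data in this column becomes the
# event time. If not set, dbinput uses the current timestamp as the event time.

input_timestamp_column_fullname = <value>
# optional
# Full name of the input timestamp column. Currently this value is used by
# the front end only.

input_timestamp_column_number = <int>
# optional
# Position of the timestamp column in the query.

input_timestamp_format = <value>
# optional
# Format of the input timestamp column, in JavaSimpleDateString format
# (presumably a Java SimpleDateFormat pattern; confirm).

max_single_checkpoint_file_size = <int>
# optional
# Maximum checkpoint file size, in bytes, before the checkpoint file is
# archived. Default is 10MB, max is 100MB.

ui_query_mode = (simple|advanced)
# optional
# Specifies whether the UI should use simple mode or advanced mode for SQL
# queries.

ui_query_catalog = <value>
# optional
# In simple mode, this value is pre-populated into the catalog dropdown.

ui_query_schema = <value>
# optional
# In simple mode, this value is pre-populated into the schema dropdown.

ui_query_table = <value>
# optional
# In simple mode, this value is pre-populated into the query dropdown
# (presumably the table dropdown; confirm).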
Example
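# Example inputs. One setting per line; comments sit above the setting they
# describe.

# Batch input: re-runs the whole query every interval.
[test_input]
# seconds
interval = 3600
# NOTE(review): sample value. In production, pick an index whose read access
# matches the sensitivity of the imported rows.
index = main
sourcetype = dummy_type
mode = batch
connection = test_connection
# NOTE(review): SELECT * indexes every column of the table. Listing the
# needed columns avoids importing sensitive fields unintentionally.
query = SELECT * FROM `sakila`.`actor`
# Upper bound on rows retrieved per run (the default is unlimited).
max_rows = 100
ui_query_catalog = sakila
ui_query_mode = simple
ui_query_schema = NULL
ui_query_table = actor

# Advanced input: uses a rising column (actor_id) as the checkpoint.
[test_advanced_input]
# seconds
interval = 3600
index = main
sourcetype = dummy_type
mode = advanced
connection = test_connection
# The "?" is presumably bound to the stored checkpoint value of the rising
# column, so the value is passed as a parameter rather than concatenated
# into the SQL text.
# NOTE(review): with ">=" the row equal to the last checkpoint is likely
# fetched again on every run; confirm whether ">" is intended.
query = SELECT * FROM `sakila`.`actor` where actor_id >= ? order by actor_id
max_rows = 100
ui_query_catalog = sakila
ui_query_mode = advanced
ui_query_schema = NULL
ui_query_table = actor
# Column whose value is recorded as the checkpoint between runs.
tail_rising_column_name = actor_id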
This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3