Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

db_outputs.conf.spec

[<name>]
description = <value>
# Description for this output

interval = <value>
# required
# interval to fetch data from DB and index them in Splunk
# It could be a number of seconds or cron expression

connection = <value>
# Indicates the database connection to persist splunk data.

table_name = <value>
# Indicates the table name used for output data.

using_upsert = <value>
# optional

unique_key = <value>
# optional

query_timeout = <int>
# optional
# the max execution time of a SQL, the default is 30 second.

search = <value>
# Indicates the splunk search to pull data for output.

is_saved_search = (true | false)
# optional
# Whether or not the search is a saved search name

time_out = <int>
# optional
# the max execution time of a dboutput, the default is unlimit if not set.

customized_mappings = <value>
# mandatory

# Pre v2.2.0 it indicates the output data name (fieldx) and database column number (1...n) mappings.
# It is in the format of list as field1:column1,field2:column2,…,fieldn that will map to SQL
# “INSERT INTO myTable (column1, column2, …, column) VALUES (?, ?, …., ?)"
# After v2.3.0 a new field was added to represent the column type, so the format would be
# field1:column1:type1,field2:column2:type2,…,fieldN:columnN:typeN.
# Previous format can work properly without change, DBX can decide the type automatically.
#
# example1: field1:column1, field2:column2, field3:column3
#     that will map to "INSERT INTO myTable (column1, column2, column3) VALUES (?, ?, ?)
# example2: field1:column1:4,field2:column2:12,field3:column3:93
#     that will map to "INSERT INTO myTable (column1, column2, column3) VALUES (?, ?, ?), with type information (integer, varchar, timestamp)

ui_mappings = <value>
# optional
# JSON mappings, purely for storage purposes

ui_selected_fields = <value>
# optional
# JSON array of selected fields, purely for storage purposes

ui_saved_search_str = <value>
# optional
# saved search string of the current saved search

ui_query_sql = <value>
# optional

ui_query_mode = (simple|advanced)
# optional

ui_query_catalog = <value>
# optional

ui_query_schema = <value>
# optional

ui_query_table = <value>
# optional

Example 

[test_output]
description = this is a test output
interval = 40 * * * *
connection = test_connection
table_name = `test_table`
using_upsert = 0
search = index=main | stats count(*) by test_column
is_saved_search = 0
time_out = 6000
customized_mappings = test_column:varchar_col:12
ui_mappings = [{"inputField":"test_column","outputField":"test_output_column","valType":"VARCHAR","sqlType":"12"}]
ui_selected_fields = [{"value":"skip","label":"Skip this Column"},{"value":"test_column","label":"test_column"}]
ui_query_catalog = test_catalog
ui_query_schema = NULL
ui_query_table = output_test
Last modified on 19 June, 2017
db_inputs.conf.spec   db_lookups.conf.spec

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters