Bulk operations of the database inputs
At some point, you may need to create, change or delete multiple inputs from different connections at the same time. From Splunk DB Connect 3.1.0, you can do this by performing a bulk operation. The bulk operation includes:
Create multiple inputs
The bulk creation allows you to create multiple inputs using different connections at the same time. To perform a bulk creation, go to Data lab > Input and choose Create under the drop-down list of Bulk Actions. Complete the following procedures to bulk create multiple inputs and then click Finish.
Select the connections which will be used by the new inputs you create. If you want to select all connections, check the checkbox in the table header.
Once you have selected the connections, Splunk DB Connect will try to validate them and displays the status of the connections at the right side of the page. If you have a connection which is not valid, you can edit it on the create and manage database connection page and validate it again by clicking Revalidate all.
Note: Be aware that you can continue to the next step even there are invalid connections, but the invalid connection(s) may impact the data you want to fetch from the database and the input will not be created successfully. Splunk recommends you to make sure all the connections you select are valid before going to the next step.
Configure the following settings and then preview the result of one connection before clicking Next.
Note: The meaning and verification of bulk input settings is the same as single input. If you need more information, see create a database input for details.
- Template: Choose the template you want to use for the inputs. If you do not want to use the template, leave this field blank. If you create inputs by using a template, all the settings from the template will be set for the inputs. You can change them based on your needs, be aware that the changes will be saved to the input you create but not to the template.
- Input Type: Choose the input type for the inputs, either Batch or Rising.
- SQL Query: Specify the SQL query that you want to use.
- Timestamp: Specify the timestamp column you want to use. You can use Current Index Time or choose the timestamp column by selecting Choose Column.
- Query Timeout: Optional. The number of seconds to wait for the query to complete. The default is 30 if you leave it blank.
- Name Prefix: Specify the prefix for the inputs you create. All the inputs you create in one bulk creation operation will have the same prefix.
- Description: Optional. The description of the inputs.
- Application: The name of the Splunk Enterprise app where this input object will be saved. By default, the pop-up menu is set to Splunk DB Connect.
- Max row to retrieve: Optional. The maximum number of rows to retrieve with each query. If you set this to 0 or leave it blank, it will be unlimited.
- Fetch size: Optional. The number of rows to return at a time from the database. The default is 300 if you leave it blank.
- Execution Frequency: The number of seconds or a valid cron expression e.g. 0 18 * * * (every day at 6PM).
- Host Value: Optional.The host defined on the connection will be used if you leave it blank.
- Source: Optional. The source field value for Splunk Enterprise to assign to queried data as it is indexed.
- Source Type: The sourcetype field value for Splunk Enterprise to assign to queried data as it is indexed.
- Index: The index in which you want Splunk Enterprise to store indexed data. You can enter the index name or choose it from the typeahead menu.
After configuring the input settings, you can choose one connection to preview the result. Choose one connection from the drop-down list and click Execute SQL. The result of this connection will be displayed on the preview page. If you are satisfied with the result, click Next. Otherwise, go back and edit the input settings until you get expected result.
On the confirmation page, review the inputs settings and then click Finish.
Edit multiple inputs
This bulk operation allows you to edit multiple inputs at the same time. The bulk edit operations available depend on the inputs selected and the nature of the field(s) you want to change.
To perform a buck editing, go to Data lab -> Input and choose Edit under the drop-down list of Bulk Actions.
Then complete the following steps,
- Select Inputs. Select the inputs you'd like to perform the bulk operation on, and click Next.
- Edit Inputs. Select the field(s) which you want to edit by checking the field's name and enter the value of the field. Once you have modified the value of the field, it will be set to all inputs you selected. For the detailed description about each field, see input settings.
Note: To make the inputs consistent, there are some constraints and dependency on editing the inputs fields.
- If you want to edit the input type, configure the following dependent fields based on the input type you choose.
- Batch input type: SQL Query field, timestamp field.
- Rising input type: SQL Query field, Rising Column field (checkpoint value) and timestamp field.
- If you want to edit the SQL Query field, the following dependent field needs to be updated.
- Batch input type: timestamp field.
- Rising input type: Rising Column field (checkpoint value) and timestamp field.
The dependent fields will be greyed out in Splunk UI before you specifying the Input Type or SQL query field if they have different values.
- Select an input to preview the result and then click Next.
- On the confirmation page, review the settings you edit for the selected inputs and then click Finish.
Delete multiple inputs
The bulk operation allows you to delete multiple inputs at the same time. To perform a bulk deletion, go to Data lab -> Input and choose Delete under the drop-down list of Bulk Actions.
On the Delete inputs page, select the inputs names you want to delete and click Next. A confirmation dialog box pops up and lists all the inputs you want to delete. If you are OK to delete all the inputs, click Yes, delete all or otherwise Cancel.
Create and manage database inputs
Create and manage database outputs
This documentation applies to the following versions of Splunk® DB Connect: 3.1.0, 3.1.1, 3.1.2