Create and manage bulk operations of the database inputs
At some point, you might need to create, change or delete multiple inputs from different connections at the same time. From Splunk DB Connect 3.1.0, you can do this by performing a bulk operation. The bulk operation includes:
Create multiple inputs
The bulk creation let's you create multiple inputs using different connections at the same time. To run a bulk creation, go to Data lab > Input and select Create under the list of Bulk Actions. Complete the following procedures to bulk create multiple inputs and then select Finish.
- Select Connections
- Input Settings and preview the result
Select the connections used by the new inputs you create. If you want to select all connections, check the check box in the table header.
Once you have selected the connections, Splunk DB Connect validates them and displays the status of the connections on the side of the page. If you have a connection which is not valid, you can edit it on the create and manage database connection page and validate it again by clicking Revalidate all.
Note: Be aware that you can continue to the next step even if there are invalid connections, but the invalid connections might impact the data you want to retrieve from the database and Splunk might not create the input successfully. Splunk best practice is to make sure all the connections you select are valid before the next step.
Configure the following settings and then preview the result of one connection before clicking Next.
Note: The meaning and verification of bulk input settings is the same as single input. If you need more information, see create a database input for details.
- Template: Select the template you want to use for the inputs. If you do not want to use the template, leave this field blank. If you create inputs by using a template, Splunk sets all the settings from the template for the inputs. You can change them based on your needs, be aware that Splunk saves the changes to the input you create but not to the template.
- Input Type: Select the input type for the inputs, either Batch or Rising.
- SQL Query: Specify the SQL query that you want to use.
- Timestamp: Specify the timestamp column you want to use. You can use Current Index Time or select the timestamp column by selecting Choose Column.
- Query Timeout: Optional. The number of seconds to wait for the query to complete. The default is 30 if you leave it blank.
- Name Prefix: Specify the prefix for the inputs you create. All the inputs you create in one bulk creation operation has the same prefix.
- Description: Optional. The description of the inputs.
- Application: The name of the Splunk Enterprise app where this input object gets saved. By default, the pop-up menu uses Splunk DB Connect.
- Max row to retrieve: Optional. The maximum number of rows to retrieve with each query. If you set this to 0 or leave it blank, you can have unlimited rows.
- Fetch size: Optional. The number of rows to return at a time from the database. The default is 300 if you leave it blank.
- Execution Frequency: The number of seconds or a valid cron expression. For example, "0 18 * * *" (every day at 6 PM).
- Host Value: Optional. Splunk uses the host defined on the connection if you leave it blank.
- Source: Optional. The source field value for Splunk Enterprise to assign to queried data when indexing.
- Source Type: The sourcetype field value for Splunk Enterprise to assign to queried data when indexing.
- Index: The index in which you want Splunk Enterprise to store indexed data. You can enter the index name or select it from the typeahead menu.
After configuring the input settings, you can select one connection to preview the result. Select one connection from the list and select Execute SQL. The result of this connection displays on the preview page. To proceed, select Next. Otherwise, go back and edit the input settings until you get the expected result.
On the confirmation page, review the input settings and then select Finish.
Edit multiple inputs
This bulk operation let's you edit multiple inputs at the same time. The bulk edit operations available depend on the inputs selected and the nature of the fields you want to change.
To run a bulk editing, go to Data lab -> Input and select Edit under the list of Bulk Actions.
Then complete the following steps,
- Select Inputs. Select the inputs you'd like to run the bulk operation on, and select Next.
- Edit Inputs. Select the fields which you want to edit by checking the field's name and enter the value of the field. Once you have modified the value of the field, that field modifies all inputs you selected. For the detailed description about each field, see input settings.
Note: To make the inputs consistent, there are some constraints and dependency on editing the input fields.
- If you want to edit the input type, configure the following dependent fields based on the input type you select.
- Batch input type: SQL Query field, timestamp field.
- Rising input type: SQL Query field, Rising Column field (checkpoint value) and timestamp field.
- If you want to edit the SQL Query field, you must update the following dependent fields.
- Batch input type: timestamp field.
- Rising input type: Rising Column field (checkpoint value) and timestamp field.
The dependent fields get greyed out in Splunk Web before you select the Input Type or SQL query field if they have different values.
- Select an input to preview the result and then select Next.
- On the confirmation page, review the settings you edit for the selected inputs and then select Finish.
Delete multiple inputs
The bulk operation let's you delete multiple inputs at the same time. To run a bulk deletion, go to Data lab -> Input and select Delete under the list of Bulk Actions.
On the Delete inputs page, select the input names you want to delete and select Next. A confirmation dialog box pops up and lists all the inputs you want to delete. If you are OK to delete all the inputs, select Yes, delete all or otherwise Cancel.
Create and manage database inputs
Create and manage database outputs
This documentation applies to the following versions of Splunk® DB Connect: 3.12.1, 3.12.2, 3.13.0
Feedback submitted, thanks!