Re: Why do inputs stay disabled in DBConnect V3.0....

tweaktubbie · ‎03-24-2017

In V2.4.0 there was the auto_disable stanza line to keep every input enabled (had to set in the input config with every input, not possible from splunkweb, should be one overall setting from the console). Since the update the documentation says

Retry policy on scheduled task failures is changed
Rapid retry policy of scheduled tasks for failing inputs and outputs is disabled. DB Connect 3 does not retry failed tasks until the next interval. Consequently, the auto_disable setting is deprecated; it will not cause configuration validation errors, but it is no longer functional.

We now notice that for example some queries on a database get disabled, whilst others continue to stay enabled. "the next interval" - some jobs are set to run every few minutes, they however stay disabled. When enabling manually, they actually run and stay active.

Not sure if it's a bug or what exactly is the 'next interval'? More important would be the possibility to auto-re-enable or at least have some monitoring query to point out inputs going to disabled.

jcoates_splunk · ‎03-24-2017

hi,

next interval means the next time that it should have run... let's say the input is set to run every 10 minutes and it's started at 12:00 with a bad password.

In DBX2, it would start at 12:00:00, 12:00:10, 12:00:20, 12:00:30, 12:00:40, 12:00:50, 12:01:00, and then self-disable.
In DBX3, it would start at 12:00:00, 12:10:00, 12:20:00, &c, and never self-disable.

Why do inputs stay disabled in DBConnect V3.0.2?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases