I have a DB input set up to take a dump using a query once a day.
My settings are:
-Dump
-I have a custom query
-Key-Value Format
-Include Timestamp
Every time the input runs, I get duplicates of each event. My query returns results that don't contain a timestamp, which is why I configured the input to create one. Each duplicate event will have the same Splunk-generated timestamp.
If I run the same query with the dbquery command, I get the correct number of results.
Any ideas why this is happening?