topic Re: database conditional input in Knowledge Management

database conditional input

hugohctint — Sun, 06 May 2018 18:55:26 GMT

I have an oracle database connection that I need to run a select and look for records and then check whether or not each one if does not exist needs to be included as a new event. I had set a dbconnect input but I do not thing it would accept any conditional command against an index or sourcetype.

Thanks in advance for your help

Re: database conditional input

woodcock — Sun, 06 May 2018 19:01:46 GMT

I do not get the "look for" and "check whether" parts. We need much more detail here.

Re: database conditional input

hugohctint — Sun, 06 May 2018 22:13:53 GMT

sure, I give you an example (just seudo code):

something like... dbxquery < param> "SELECT * FROM Customer where Cust_NUM > "100" | search index=customer| if (customer) exits then "add the event into index" else skip

Is it more clear now?

Re: database conditional input

hugohctint — Sun, 06 May 2018 22:13:53 GMT

sure, I give you an example (just seudo code):

something like... dbxquery < param> "SELECT * FROM Customer where Cust_NUM > "100" | search index=customer| if (customer) exits then "add the event into index" else skip

Is it more clear now?

Re: database conditional input

woodcock — Mon, 07 May 2018 01:05:51 GMT

Now we are talking; try this:

index=customer
| stats count by customer
| table customer
| rename customer AS dropme
| format "customer IN(" "" "" "," "" ")"
| rex field=search mode=sed "s/dropme=//g s/,\s*\)/)/"
| map search="|dbxquery ... \"SELECT * FROM Cust_NUM > \"100\" AND $search$\""

Re: database conditional input

hugohctint — Mon, 07 May 2018 18:39:29 GMT

Hello Woodcock,
It think It is actually the other way. I need to find records on the database SELECT statement under a condition and then check if if they do not exist in the index as an event. Only if the new value does not exist in the index I need to "insert it" as a new event on the index.