topic Re: How to integrate dbxquery query with Splunk search in Splunk Search

How to integrate dbxquery query with Splunk search

aditsss — Tue, 18 Aug 2020 14:46:39 GMT

Re: How to integrate dbxquery query with Splunk search

aditsss — Tue, 18 Aug 2020 14:49:13 GMT

Re: How to integrate dbxquery query with Splunk search

richgalloway — Mon, 17 Aug 2020 12:07:53 GMT

Patience, Grasshopper. You posted on a Sunday when most users are living their lives rather than hanging out here. Even on work days, it may take a while to get an answer, especially when the question doesn't describe the desired result.

Have you tried using append to combine the two queries?

|dbxquery query="SELECT \"id\", \"name\", \"chain\" FROM flows;" connection="Postgres" | append [ search index=xyz sourcetype=xy source="logs" groups (CLIENT_Id ="*") |rex field=Request_URL "\/(?<Group>[^\/]+)$" | convert timeformat="%Y-%m-%d" ctime(_time) AS Date | stats count by Date CLIENT_Id GroupRequest_URL | sort - CLIENT_Id | rename Group as id ] | stats values(*) as * by id

Re: How to integrate dbxquery query with Splunk search

aditsss — Tue, 18 Aug 2020 14:47:50 GMT

Re: How to integrate dbxquery query with Splunk search

richgalloway — Mon, 17 Aug 2020 13:05:50 GMT

Remove the final stats command and check the results to see if the DB fields are present.