I have an RDBMS connected to Splunk via DB Connect. Inside that RDBMS there is a table which stores queries that I have to execute on Splunk. For example, one row looks like this:
Id  Search_String
1   index="XYZ" sourcetype=ABC | convert ctime(_time) as Time timeformat="%U" | stats dc(source) by Time
So my requirement is: I have to fetch this search string from my DB (which I am able to do using DB Connect) and automatically execute it on Splunk (which I don't know how to do) to generate a report.
Is it possible to do? If yes, then how do I do it? Since I am a beginner on Splunk, please guide me on this.
Is your intent to execute only one query at a time? If so,
Step 1) You can feed your dbxquery to populate a table with two columns, Id and Search_String (PS: In order to mock the data from the database, I have used makeresults; you can use your current query instead).
Step 2) You can create a table <drilldown> to create queryString with the query fetched from the Database Search using the $row.Search_String$ token.
Step 3) Finally, use the $queryString$ token in the other search that you want to execute. PS: I have included a Time input control with `tokTime`, to ensure that the second search runs for the required duration of time.
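
The three steps above written out as a Simple XML dashboard. This is an added example, not the answerer's original code; the dashboard label, the `-24h@h` default time range and the `depends` attribute on the second panel are assumptions, and the `makeresults` row stands in for the real `dbxquery` search.

```xml
<form>
  <label>Run search string from DB (example)</label>
  <fieldset submitButton="false">
    <!-- Time picker from Step 3; default range is an assumption -->
    <input type="time" token="tokTime" searchWhenChanged="true">
      <label>Time</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <!-- Step 1: mocked row; replace this query with your dbxquery search -->
        <search>
          <query>| makeresults | eval Id=1, Search_String="index=\"XYZ\" sourcetype=ABC | convert ctime(_time) as Time timeformat=\"%U\" | stats dc(source) by Time" | table Id Search_String</query>
        </search>
        <option name="drilldown">row</option>
        <!-- Step 2: clicking a row copies its Search_String into queryString -->
        <drilldown>
          <set token="queryString">$row.Search_String$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <!-- Step 3: panel stays hidden until a row has been clicked -->
    <panel depends="$queryString$">
      <table>
        <search>
          <query>$queryString$</query>
          <earliest>$tokTime.earliest$</earliest>
          <latest>$tokTime.latest$</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

The second search runs whatever SPL the clicked row contains, under the role of the user viewing the dashboard, so write access to that database table should be limited to people who are allowed to run arbitrary searches.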