All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set up a Splunk DB Connect 2 Lookup/Input Update

nikkkc
Path Finder
‎02-17-2016 02:29 AM

Hi guys,

Is it possible to use the DB Connect lookup like inputlookup? I do not need to join the lookup data with other events and the data should always be up to date, as is always the case in the external database. This is why I don't want to use the input, because it is not possible to update the indexed data, right? I hope someone can follow me.

In my case I have to illustrate data from an external database on a Splunk dashboard. The external data is triggered from another application and the view should always be up to date. Old records are useless and annoying in my query.

Thank you so much!
cheers

0 Karma
Reply

nikkkc
Path Finder
‎02-17-2016 05:04 AM

sorry i read this but it didnt answer my question...

0 Karma
Reply

javiergn
Super Champion
‎02-17-2016 05:15 AM

Is it possible to use the db connect lookup like inputlookup? I do not need to join the lookup data with other events and the data should always be up to date, as is always the case in the external database

Yes, take a look again at the dbxquery command again and focus on the examples. There's no inputlookup command, it's called dbxquery instead. For instance, your query could be:

| dbxquery query="SELECT * FROM tableFoo" connection="FooBar"
| do something else

That's assuming you are running DB Connect 2. If that's not your case you can always use dbquery instead:

http://docs.splunk.com/Documentation/DBX/1.0.11/DeployDBX/Commands

Let me know if that helps.

0 Karma
Reply

javiergn
Super Champion
‎02-19-2016 04:21 AM

Hi @nikkc, please don't forget to mark it as answered if you are happy with the response so that others can benefit from it.

Otherwise it'll look as unanswered forever and ever and ever...

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...