All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SQL to Splunk Query conversion

aravindan_v
Explorer
‎01-06-2014 01:40 AM

The following SQL query needs a splunk query replacement.
We are facing difficulty with the conversion of sub-query.
Please Help!!

Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad

where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','BA')
and x.ASNUM < adt.ASNUM)) as ldl

from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B');

Tags (2)
Reply

aravindan_v
Explorer
‎01-09-2014 02:17 AM

Below mentioned are the tables and the query used:

Table1

PNUM ANUM actno ASNUM

1001 3737 AD 585

1011 3737 L1 586

1111 3737 B1 587

1131 3737 NA 587

1002 3637 AB 588

table2

PNUM actno

2001 AD

2011 L1

2111 B1

2121 NA

1001 AD

1002 AB

Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad
where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','AB')
and x.ASNUM <= adt.ASNUM)) as ldl

from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B','AB');

This needs exact splunk query replacement.
We used DB connect, but as per requirement splunk query will be our best fit.

we added database input to fetch data from external db.
will this suffice or any other setup is required?

0 Karma
Reply

Ayn
Legend
‎01-09-2014 02:33 AM

Read Drainy's answer.

0 Karma
Reply

aravindan_v
Explorer
‎01-07-2014 03:43 AM

Ran the query using the DBconnect/DBQuery.
All that i needed to do was connect to the DB using dbconnect & then using the dbquery.
| dbquery "DB conn name" "Select query ...."
and the result came out like magic.

Reply

MuS
SplunkTrust
SplunkTrust
‎01-07-2014 03:57 AM

yeah, Splunk is sometimes pure magic 😉

Reply

Drainy
Champion
‎01-06-2014 11:13 AM

So... its not really a simple matter of "converting" a SQL query into Splunk. If you could provide some sample data and what you're trying to achieve then someone may be able to help.
It doesn't look too complicated though from what you've pasted above, what have you tried so far?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...