- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- SQL to Splunk Query conversion
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SQL to Splunk Query conversion
The following SQL query needs a splunk query replacement.
We are facing difficulty with the conversion of sub-query.
Please Help!!
Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad
where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','BA')
and x.ASNUM < adt.ASNUM)) as ldl
from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B');
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below mentioned are the tables and the query used:
Table1
PNUM ANUM actno ASNUM
1001 3737 AD 585
1011 3737 L1 586
1111 3737 B1 587
1131 3737 NA 587
1002 3637 AB 588
table2
PNUM actno
2001 AD
2011 L1
2111 B1
2121 NA
1001 AD
1002 AB
Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad
where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','AB')
and x.ASNUM <= adt.ASNUM)) as ldl
from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B','AB');
This needs exact splunk query replacement.
We used DB connect, but as per requirement splunk query will be our best fit.
we added database input to fetch data from external db.
will this suffice or any other setup is required?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Read Drainy's answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ran the query using the DBconnect/DBQuery.
All that i needed to do was connect to the DB using dbconnect & then using the dbquery.
| dbquery "DB conn name" "Select query ...."
and the result came out like magic.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yeah, Splunk is sometimes pure magic 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So... its not really a simple matter of "converting" a SQL query into Splunk. If you could provide some sample data and what you're trying to achieve then someone may be able to help.
It doesn't look too complicated though from what you've pasted above, what have you tried so far?
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
