All Apps and Add-ons

SQL to Splunk Query conversion

aravindan_v
Explorer

The following SQL query needs a splunk query replacement.
We are facing difficulty with the conversion of sub-query.
Please Help!!

Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad

where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','BA')
and x.ASNUM < adt.ASNUM)) as ldl

from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B');

Tags (2)

aravindan_v
Explorer

Below mentioned are the tables and the query used:

Table1

PNUM ANUM actno ASNUM

1001 3737 AD 585

1011 3737 L1 586

1111 3737 B1 587

1131 3737 NA 587

1002 3637 AB 588

table2

PNUM actno

2001 AD

2011 L1

2111 B1

2121 NA

1001 AD

1002 AB

Select x.PNUM, (select distinct ad.ANUM
from TABL1 ad
where ad.PNUM = a.PNUM
and ad.ASNUM = (select min(adt.ASNUM)
from TABL1 adt
where adt.PNUM = a.PNUM
and adt.actno in ('A','B','AB')
and x.ASNUM <= adt.ASNUM)) as ldl

from TABL2 a
inner join
TABL1 x
on x.PNUM = a.PNUM
WHERE x.actno in ('A','B','AB');

This needs exact splunk query replacement.
We used DB connect, but as per requirement splunk query will be our best fit.

we added database input to fetch data from external db.
will this suffice or any other setup is required?

0 Karma

Ayn
Legend

Read Drainy's answer.

0 Karma

aravindan_v
Explorer

Ran the query using the DBconnect/DBQuery.
All that i needed to do was connect to the DB using dbconnect & then using the dbquery.
| dbquery "DB conn name" "Select query ...."
and the result came out like magic.

MuS
Legend

yeah, Splunk is sometimes pure magic 😉

Drainy
Champion

So... its not really a simple matter of "converting" a SQL query into Splunk. If you could provide some sample data and what you're trying to achieve then someone may be able to help.
It doesn't look too complicated though from what you've pasted above, what have you tried so far?

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...