All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Show fields containing X?

kbcuait
Explorer
‎05-08-2013 03:54 PM

Hi, I'm using dbconnect app

Have some fields that contain long strings of text, want to search for only those results that have a certain word (X) within them

To phrase it another way trying to do something like this:

| dbquery "MYDB" "select text_field from my_table where text_field contains "Description""

Thanks 🙂

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Jon_Webster
Splunk Employee
Splunk Employee
‎05-09-2013 08:23 PM

What you're trying to do is restrict your results in your SQL query. It should look like this:

| dbquery "MYDB" "SELECT text_field FROM my_table WHERE text_field LIKE '%Description%' "

The "LIKE" command searches for any string that contains the string you feed it. The "%" character is a wildcard, so %description% will match any text field that contains the string 'description'.

Also be sure to verify the correct use of SQL quotes within your Splunk search.
Here's a simple manual page on the subject:

http://www.techonthenet.com/sql/like.php

View solution in original post

Reply
Solved! Jump to solution
Solution

Jon_Webster
Splunk Employee
Splunk Employee
‎05-09-2013 08:23 PM

What you're trying to do is restrict your results in your SQL query. It should look like this:

| dbquery "MYDB" "SELECT text_field FROM my_table WHERE text_field LIKE '%Description%' "

The "LIKE" command searches for any string that contains the string you feed it. The "%" character is a wildcard, so %description% will match any text field that contains the string 'description'.

Also be sure to verify the correct use of SQL quotes within your Splunk search.
Here's a simple manual page on the subject:

http://www.techonthenet.com/sql/like.php

Reply
Solved! Jump to solution

rgcurry
Contributor
‎05-09-2013 06:11 AM

Have you tried this (using your SQL as a guide to the Splunk Search Language equivalent):

index=mydb sourcetype=my_table "Description"

Alternatively, you can use search time field extractions to create a "description" field, then you can selectively search your data for something specific in "Description". Check it out at http://docs.splunk.com/Documentation/Splunk/5.0.2/Knowledge/Addfieldsatsearchtime.

0 Karma
Reply
Solved! Jump to solution

kbcuait
Explorer
‎05-09-2013 09:11 AM

Hi, "No matching events found" – I'm not sure how to search the db without using | dbconnect (I don't see the db info listed in the summary anywhere)

...Where to go from here?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...