Splunk DB Connect 1 and Add-on for JIRA: Is there a way to use both dbquery and jirarest commands in the same search?

mrfredman
Path Finder

Hi,

I was hoping to pull data from two different databases. One is a postgres database I access using the dbquery app and one is a JIRA database that I access using the JIRA app.

Whenever I try to mix the two I get an error saying that the jirarest/dbquery must be the first command of a search.

Is there any way to use both commands in the same search? If not, are there any workarounds?

0 Karma
1 Solution

martin_mueller
SplunkTrust

Try something along these lines:

| dbquery "foo" "bar" | append [| jirarest whatever parameters it needs] | ...

Flynt
Splunk Employee

There are also ways to pass values from one search to another using the map command, for example if your dbquery passes a JIRA key in a result.

|dbquery "foo" "bar"|map search="|jirarest jqlsearch \"key=$JIRAKEYFIELDFROMDBQUERY$\" "

Note that the map search should have the double quotes escaped, and that the map command will only return results from its search and not the dbquery search in this instance. There are also ways to pass a multitude of values from dbquery to jirarest using the built-in batch option in jirarest.

0 Karma

martin_mueller
SplunkTrust

How should one pass a value to the other in your example? Who to whom? What value? From where? Used where?
So many questions...

In general, the inner subsearch passes its results to the command that ran it. In my example, the jirarest subsearch passes its results to the append command. Other examples include searching for something in a subsearch and using its results as a filter for the main search.

0 Karma

mrfredman
Path Finder

That did the trick. Thanks!

New question leading off of that one.

Is it possible to pass values between the two?

Example:
| dbquery "foo" | append [| jirarest jqlsearch "project=\"foo\""]

0 Karma