All Apps and Add-ons

Splunk DB Connect 2: rising_column empty from the GUI due to sub-query ?


Hello, From the GUI (DB Input), it seems that Splunk is unable to detect any Rising Column due to our sub query:



	sys.fn_get_audit_file (
		(SELECT TOP(1) e.audit_file_path FROM [sys.dm_server_audit_status] e  WHERE = 'Audit-select-statement'), default, default)
     event_time > ? 
ORDER BY event_time ASC




unfortunately, Splunk DB Connect is unable to detect any rising column. If I remove the SELECT TOP(1), the rising column appear again. The goal is to query the audit table with the current filename.

I saw another discussion ( but seems the enhancement request (DBX-564) is still not ready.

Would anyone happen to have the same issue ?

Kind Regards,


Labels (1)
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...