All Apps and Add-ons

Splunk DB Connect 2: rising_column empty from the GUI due to sub-query ?


Hello, From the GUI (DB Input), it seems that Splunk is unable to detect any Rising Column due to our sub query:



	sys.fn_get_audit_file (
		(SELECT TOP(1) e.audit_file_path FROM [sys.dm_server_audit_status] e  WHERE = 'Audit-select-statement'), default, default)
     event_time > ? 
ORDER BY event_time ASC




unfortunately, Splunk DB Connect is unable to detect any rising column. If I remove the SELECT TOP(1), the rising column appear again. The goal is to query the audit table with the current filename.

I saw another discussion ( but seems the enhancement request (DBX-564) is still not ready.

Would anyone happen to have the same issue ?

Kind Regards,


Labels (1)
0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...