All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 2: rising_column empty from the GUI due to sub-query ?

Anthony
Loves-to-Learn
‎10-17-2022 12:35 AM

Hello, From the GUI (DB Input), it seems that Splunk is unable to detect any Rising Column due to our sub query:

 

 

SELECT 
	event_time 
FROM 
	sys.fn_get_audit_file (
		(SELECT TOP(1) e.audit_file_path FROM [sys.dm_server_audit_status] e  WHERE e.name = 'Audit-select-statement'), default, default)
WHERE 
     event_time > ? 
ORDER BY event_time ASC

 

 

 

unfortunately, Splunk DB Connect is unable to detect any rising column. If I remove the SELECT TOP(1), the rising column appear again. The goal is to query the audit table with the current filename.

I saw another discussion (https://community.splunk.com/t5/Splunk-Search/DB-Connect-rising-column-combination-of-two-columns/m-...) but seems the enhancement request (DBX-564) is still not ready.

Would anyone happen to have the same issue ?

Kind Regards,

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...