All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect 2: rising_column empty from the GUI due to sub-query ?

Anthony
Loves-to-Learn
‎10-17-2022 12:35 AM

Hello, From the GUI (DB Input), it seems that Splunk is unable to detect any Rising Column due to our sub query:

 

 

SELECT 
	event_time 
FROM 
	sys.fn_get_audit_file (
		(SELECT TOP(1) e.audit_file_path FROM [sys.dm_server_audit_status] e  WHERE e.name = 'Audit-select-statement'), default, default)
WHERE 
     event_time > ? 
ORDER BY event_time ASC

 

 

 

unfortunately, Splunk DB Connect is unable to detect any rising column. If I remove the SELECT TOP(1), the rising column appear again. The goal is to query the audit table with the current filename.

I saw another discussion (https://community.splunk.com/t5/Splunk-Search/DB-Connect-rising-column-combination-of-two-columns/m-...) but seems the enhancement request (DBX-564) is still not ready.

Would anyone happen to have the same issue ?

Kind Regards,

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...