Re: Splunk DB Connect -- How can I make a dashboar...

Choudharyayush9 · ‎09-26-2017

I have connected my Splunk to my SQL Server DB.
I am able to run the query successfull and i am getting valid results but results are not coming in event section.
Its showing up only in Statistics.

How can I make a dashboard from the results of sql search? Can I use Splunk search aggregated with DBX command?

cmerriman · ‎10-05-2017

dbxquery will only every show up in either the Statistics tab or the Visualizations tab because they aren't actually events in Splunk, they're tables from a DB.

You can quite easily make the results a dashboard, it just depends on what you're wanting to do. If you just want the exact results in a table from your SQL statement, you can just save that as a dashboard table. as a rough idea:

|dbxquery connection="connection1" maxrows=0 shortnames=t query="select interesting_fields from table1"

now if you want to do some SPL on top of your SQL to do some aggregations, that's fine, also.

|dbxquery connection="connection1" maxrows=0 shortnames=t query="select interesting_fields from table1"|stats sum(field1) as sum by field2

you can keep that as a table or throw it into a visualization and save it as a dashboard panel. Sky is the limit, in a sense 🙂

If you have more details, that would be helpful so we can nail down a more precise syntax. Details around what type of visualization and/or current syntax/data examples.

Splunk DB Connect -- How can I make a dashboard from the results?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes