All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk DB Connect: Is it possible to clear all rows in database and add all results (old and new) for every execution?

ankithreddy777
Contributor
‎01-30-2017 11:21 AM

Hi,
I have to send results to the database from Splunk using Splunk DB Connect. But in documentation it is given that for every execution only the updated results will added to database table.
Is it possible to clear all rows in database and add all results (old and new) for every execution?

0 Karma
Reply

woodcock
Esteemed Legend
‎03-03-2017 10:55 PM

You are probably aware that you have posted this question twice, right?

https://answers.splunk.com/answers/494339/delete-database-results-and-update-with-new-result.html#an...

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-31-2017 12:06 AM

Hi ankithreddy777,
using DB Connect you can acquire records in two ways:

  • all query results;
  • only newest records. you can choose the preferred Input Type in the creation of database input (see http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Createandmanagedatabaseinputs#Choose_and_pr...) If you choose "batch input" you take all the times all the query's results, if you choose "Rising column" you have to choose a field, always growing, to use to record the check point (Splunk records in a configuration file the last value of the rising column from the executed query and uses it as starting point for the next one). There is also a third choose ("Advanced") similar to "Rising column". Bye. Giuseppe
0 Karma
Reply

ankithreddy777
Contributor
‎01-31-2017 04:39 AM

Hi Cusello,
How to send all results to the database for every execution. Instead of only new results using database. Can we delete results in database?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-31-2017 04:49 AM

No the "Batch input" option permits to download all the results of a query, but it doesn't delete records from DB, it's possible but you have to grant deletion privileges to the user that you use to connect to your DB (it isn't a usual procedure!) and create another DB script to delete the downloaded records.

Why you don't want to use the "Rising column" method? it's really more efficient!
If the problem is that you have rotation of your DB (in this way your rising column will be reset at every file rotation), you can manage this situation in an easy way:

  • add to your query an additional field resulting by timestamp + growing code
  • use this new field as rising column. In this way your rising column will be always growing.

Bye.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...