All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk DB Connect: Is it possible to clear all rows in database and add all results (old and new) for every execution?

ankithreddy777
Contributor
‎01-30-2017 11:21 AM

Hi,
I have to send results to the database from Splunk using Splunk DB Connect. But in documentation it is given that for every execution only the updated results will added to database table.
Is it possible to clear all rows in database and add all results (old and new) for every execution?

0 Karma
Reply

woodcock
Esteemed Legend
‎03-03-2017 10:55 PM

You are probably aware that you have posted this question twice, right?

https://answers.splunk.com/answers/494339/delete-database-results-and-update-with-new-result.html#an...

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-31-2017 12:06 AM

Hi ankithreddy777,
using DB Connect you can acquire records in two ways:

  • all query results;
  • only newest records. you can choose the preferred Input Type in the creation of database input (see http://docs.splunk.com/Documentation/DBX/2.4.0/DeployDBX/Createandmanagedatabaseinputs#Choose_and_pr...) If you choose "batch input" you take all the times all the query's results, if you choose "Rising column" you have to choose a field, always growing, to use to record the check point (Splunk records in a configuration file the last value of the rising column from the executed query and uses it as starting point for the next one). There is also a third choose ("Advanced") similar to "Rising column". Bye. Giuseppe
0 Karma
Reply

ankithreddy777
Contributor
‎01-31-2017 04:39 AM

Hi Cusello,
How to send all results to the database for every execution. Instead of only new results using database. Can we delete results in database?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-31-2017 04:49 AM

No the "Batch input" option permits to download all the results of a query, but it doesn't delete records from DB, it's possible but you have to grant deletion privileges to the user that you use to connect to your DB (it isn't a usual procedure!) and create another DB script to delete the downloaded records.

Why you don't want to use the "Rising column" method? it's really more efficient!
If the problem is that you have rotation of your DB (in this way your rising column will be reset at every file rotation), you can manage this situation in an easy way:

  • add to your query an additional field resulting by timestamp + growing code
  • use this new field as rising column. In this way your rising column will be always growing.

Bye.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...