All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk DB Connect setting up Rising column?

Shan
Builder
‎04-23-2018 02:07 AM

When i read the doc in below link. It advice's me not to choose the timestamps column as the rising columns, but in my scenario i have the lastupdate_datetime(2018/04/22 12:33:44:00) column as most frequently changing column and i need to use it as a rising column..

http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/Createandmanagedatabaseinputs

I have a columns as ticket_id, ticket_status, lastupdate_datetime .

Kindly guide me with your opinion.
Thanks in advance.

Regards,
Shankar

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Shan
Builder
‎04-26-2018 10:55 PM

I have used the datetime column as rising column and i achieved my need. It's working properly i have validated it.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Shan
Builder
‎04-26-2018 10:55 PM

I have used the datetime column as rising column and i achieved my need. It's working properly i have validated it.

0 Karma
Reply
Solved! Jump to solution

ssadanala1
Contributor
‎04-23-2018 09:41 PM

lastupdate_datetime is the best shot for rising columns .

As per the documentation

Rising input
A rising input has a column that DB Connect uses to keep track of what rows are new from one input execution to the next. When you create a rising input type, you must specify the rising column. You can specify rising column as any column whose value increases or decreases over time, such as a timestamp or sequential ID. For example, you can use columns such as row_id, transaction_id, employee_id, customer_id, last_updated, and so on.

0 Karma
Reply
Solved! Jump to solution

Shan
Builder
‎04-26-2018 10:55 PM

@ ssadanala1 - Thanks for your Input.

0 Karma
Reply
Solved! Jump to solution

p_gurav
Champion
‎04-23-2018 07:01 AM

Can't you used ticket_id?

0 Karma
Reply
Solved! Jump to solution

Shan
Builder
‎04-23-2018 09:24 PM

@p_gurav - No i don't think so . That is a random generating id .. If use it there will be a problem in near feature..

0 Karma
Reply
Solved! Jump to solution

p_gurav
Champion
‎04-23-2018 09:49 PM

ok. Can you use id then which is row every database provide?

0 Karma
Reply
Solved! Jump to solution

Shan
Builder
‎04-24-2018 02:25 AM

Are you talking about row Id. now I'm looking into a ticketing data from database .. Once the ticket is created its stored as open in database. even after 3 days someone can work on that ticket at that time i might miss that ticket update i thick so. because i need to look into some old ticket updates also. correct me if my understanding is wrong ..

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...