Solved: Re: Why can't I select field's alias name as 'risi...

jawaharas · ‎11-26-2018

The Splunk DB Connect app doesn't allow to select the custom field with alias name (EPOCH_TIMESTAMP) as 'Rising Column'. Any guidance will be helpful. Thanks.

DBConnect SQL:

SELECT 
    OS_USERNAME,
    DBUSERNAME,
    CLIENT_PROGRAM_NAME, 
    EVENT_TIMESTAMP,
    (CAST(EVENT_TIMESTAMP AS DATE) - DATE '1970-01-01')*24*60*60*1000 + MOD( EXTRACT( SECOND FROM EVENT_TIMESTAMP ), 1 ) * 1000 AS EPOCH_TIMESTAMP,
FROM sys.UNIFIED_AUDIT_TRAIL
WHERE EPOCH_TIMESTAMP > ?
ORDER BY EPOCH_TIMESTAMP ASC

FrankVl · ‎11-27-2018

Try it like this:

SELECT 
     OS_USERNAME,
     DBUSERNAME,
     CLIENT_PROGRAM_NAME, 
     EVENT_TIMESTAMP,
     (CAST(EVENT_TIMESTAMP AS DATE) - DATE '1970-01-01')*24*60*60*1000 + MOD( EXTRACT( SECOND FROM EVENT_TIMESTAMP ), 1 ) * 1000 AS EPOCH_TIMESTAMP,
 FROM sys.UNIFIED_AUDIT_TRAIL
 WHERE  (CAST(EVENT_TIMESTAMP AS DATE) - DATE '1970-01-01')*24*60*60*1000 + MOD( EXTRACT( SECOND FROM EVENT_TIMESTAMP ), 1 ) * 1000 > ?
 ORDER BY EPOCH_TIMESTAMP ASC

View solution in original post

FrankVl · ‎11-27-2018

Try it like this:

SELECT 
     OS_USERNAME,
     DBUSERNAME,
     CLIENT_PROGRAM_NAME, 
     EVENT_TIMESTAMP,
     (CAST(EVENT_TIMESTAMP AS DATE) - DATE '1970-01-01')*24*60*60*1000 + MOD( EXTRACT( SECOND FROM EVENT_TIMESTAMP ), 1 ) * 1000 AS EPOCH_TIMESTAMP,
 FROM sys.UNIFIED_AUDIT_TRAIL
 WHERE  (CAST(EVENT_TIMESTAMP AS DATE) - DATE '1970-01-01')*24*60*60*1000 + MOD( EXTRACT( SECOND FROM EVENT_TIMESTAMP ), 1 ) * 1000 > ?
 ORDER BY EPOCH_TIMESTAMP ASC

jawaharas · ‎11-27-2018

Perfect..! Thank you so much @FrankVI

Why can't I select field's alias name as 'rising column' in DBConnect 3.x?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Why can't I select field's alias name as 'rising column' in DBConnect 3.x?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!