Solved: Re: Why can't dbxoutput directly execute SQL?

munang · ‎01-09-2023

dbxquery allows queries using direct SQL. However, dbxoutput is only possible with output objects defined in db-connect-app.

Is there a fundamental reason for limiting this function (must be done only through DB-Connect-app)?

For example, if it is a security problem, it is simply a matter of granting permission separately.

I wonder if there might be some other underlying reason.

Text can be awkward with the help of a translator. please understand.

gcusello · ‎01-09-2023

it's in the nature of the approach: you cannot have a performant response using an external query and JDBC driver.

the approach of Splunk is: ingest all the data in Splunk, index them and search everything.

Ciao.

Giuseppe

munang · ‎01-09-2023

Thank you so much for your answer.

Then I wonder why they didn't create another efficient command that can directly perform update or insert SQL.

Is it because of the burden of direct changes to the data itself compared to lookup queries such as select?

gcusello · ‎01-09-2023

it's in the nature of the approach: you cannot have a performant response using an external query and JDBC driver.

the approach of Splunk is: ingest all the data in Splunk, index them and search everything.

Ciao.

Giuseppe

scelikok · ‎01-09-2023

Could you please check if Splunk DBConnect app permissions? Can you try changing app permissions to global?

If this reply helps you an upvote and "Accept as Solution" is appreciated.

gcusello · ‎01-09-2023

the main reason is that dbxoutput is very slow so it isn't efficient to directly executeSQl queries.

Ciao.

Giuseppe

Why can't dbxoutput directly execute SQL?