dbxquery allows queries using direct SQL. However, dbxoutput is only possible with output objects defined in db-connect-app.
Is there a fundamental reason for limiting this function (must be done only through DB-Connect-app)?
For example, if it is a security problem, it is simply a matter of granting permission separately.
I wonder if there might be some other underlying reason.
Text can be awkward with the help of a translator. please understand.
Hi @munang,
it's in the nature of the approach: you cannot have a performant response using an external query and JDBC driver.
the approach of Splunk is: ingest all the data in Splunk, index them and search everything.
Ciao.
Giuseppe
Hi @gcusello
Thank you so much for your answer.
Then I wonder why they didn't create another efficient command that can directly perform update or insert SQL.
Is it because of the burden of direct changes to the data itself compared to lookup queries such as select?
Hi @munang,
it's in the nature of the approach: you cannot have a performant response using an external query and JDBC driver.
the approach of Splunk is: ingest all the data in Splunk, index them and search everything.
Ciao.
Giuseppe
Hi @munang,
Could you please check if Splunk DBConnect app permissions? Can you try changing app permissions to global?
Hi @munang,
the main reason is that dbxoutput is very slow so it isn't efficient to directly executeSQl queries.
Ciao.
Giuseppe