All Apps and Add-ons

how to save oracle db query results into a CSV format and use this CSV file to index into SPLUNK to generate dashboards

deepthi5
Path Finder

Hello ,

I have integrated my oracle DB with SPLUNK using SPLUNK DB connect
I am able to view the tables and query them successfully but i have the following issue
Issue:
I am using the following query
SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx
i want to trigger this query for every 30 mins and save the results into a .csv and index this .csv to splunk to generate the dashboards
can somebody please help as i have to use this live in my project to show up graphs to the client

Thanks ,
Deepthi

Tags (2)
0 Karma
1 Solution

vganjare
Builder

Hi,

Rather than storing the results as CSV, you can add the data directly in the splunk index by using DBConnects DBMonitor configuration. You can use the above query along with a rising_column (which is used to identify what all records are fetched).

If not, you can use outputlookup command to create the CSV file as a lookup. You can schedule a search (which will run every 30 mins) by using DBConnect command dbquery and outputlookup command.

Something like:

| dbquery "SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx" | outputlookup xyz.csv

Use this lookup for your dashboard.

Thanks!!

View solution in original post

vganjare
Builder

Hi,

Rather than storing the results as CSV, you can add the data directly in the splunk index by using DBConnects DBMonitor configuration. You can use the above query along with a rising_column (which is used to identify what all records are fetched).

If not, you can use outputlookup command to create the CSV file as a lookup. You can schedule a search (which will run every 30 mins) by using DBConnect command dbquery and outputlookup command.

Something like:

| dbquery "SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx" | outputlookup xyz.csv

Use this lookup for your dashboard.

Thanks!!

deepthi5
Path Finder

Thanks for that it works just adding to your command there is also a command call outputcsv and outputtext to get the output

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...