All Apps and Add-ons

how to save oracle db query results into a CSV format and use this CSV file to index into SPLUNK to generate dashboards

deepthi5
Path Finder

Hello ,

I have integrated my oracle DB with SPLUNK using SPLUNK DB connect
I am able to view the tables and query them successfully but i have the following issue
Issue:
I am using the following query
SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx
i want to trigger this query for every 30 mins and save the results into a .csv and index this .csv to splunk to generate the dashboards
can somebody please help as i have to use this live in my project to show up graphs to the client

Thanks ,
Deepthi

Tags (2)
0 Karma
1 Solution

vganjare
Builder

Hi,

Rather than storing the results as CSV, you can add the data directly in the splunk index by using DBConnects DBMonitor configuration. You can use the above query along with a rising_column (which is used to identify what all records are fetched).

If not, you can use outputlookup command to create the CSV file as a lookup. You can schedule a search (which will run every 30 mins) by using DBConnect command dbquery and outputlookup command.

Something like:

| dbquery "SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx" | outputlookup xyz.csv

Use this lookup for your dashboard.

Thanks!!

View solution in original post

vganjare
Builder

Hi,

Rather than storing the results as CSV, you can add the data directly in the splunk index by using DBConnects DBMonitor configuration. You can use the above query along with a rising_column (which is used to identify what all records are fetched).

If not, you can use outputlookup command to create the CSV file as a lookup. You can schedule a search (which will run every 30 mins) by using DBConnect command dbquery and outputlookup command.

Something like:

| dbquery "SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx" | outputlookup xyz.csv

Use this lookup for your dashboard.

Thanks!!

deepthi5
Path Finder

Thanks for that it works just adding to your command there is also a command call outputcsv and outputtext to get the output

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...