Hey there,
I have stumbled upon an issue where my below dbxquery map search is not yielding any results.
My intention is to pass a list of student_id values derived from my initial search to the dbxquery and get a list of state with their counts.
index="syslog" TERM(AUS)
| table student_id
| map search="dbxquery query=\"select distinct address_state, count(*)
FROM stud.common.details WHERE site='$student_id$' group by address_state\" connection=Student"
Looks like I'm facing the same issue. When I run the dbxquery directly from the SPL search window it works just fine, but inside the map-command it just hangs forever. Did you ever get this to work?
Hi, were you able to solve the problem ? I am facing the same issue
@manunairadavakkat
try by adding |
.
index="syslog" TERM(AUS)
| table student_id
| map search="| dbxquery query=\"select distinct address_state, count(*)
FROM stud.common.details WHERE site='$student_id$' group by address_state\" connection=Student"
@kamlesh_vaghela
Tried the below query, but no results being displayed, only displays count of events.
index="syslog" TERM(AUS)
| table student_id
| map search="| dbxquery connection=Student query=\"select distinct address_state, count(*)
FROM stud.common.details WHERE group by address_state\" | site='$student_id$' "
@manunairadavakkat
What are your required columns?
@kamlesh_vaghela
Required columns : address_state, count(*)
It should include all those student_id from the earlier search ----
index="syslog" TERM(AUS)
| table student_id
@manunairadavakkat
Can you please try this?
index="syslog" TERM(AUS)
| table student_id
| map search="| dbxquery connection=Student query=\"select distinct address_state, count(*) as count
FROM stud.common.details WHERE group by address_state\" | site='$student_id$' | eval student_id='$student_id$' | table student_id address_state count"
@kamlesh_vaghela
It does not give any results.
Only the below count is shown:
21,657 events (26/07/2019 18:01:01.000 to 26/07/2019 18:16:01.000)
"No results found" message in the result box
Can you please execute below search by passing student_id
and check results?
| dbxquery connection=Student query="select distinct address_state, count(*) as count
FROM stud.common.details WHERE group by address_state" | site='$student_id$' | eval student_id='$student_id$' | table student_id address_state count
@kamlesh_vaghela
Ran the query directly, it shows 117 results.
When running the above query as well, it shows event count as 117, but no results are displayed
is it possible to share a screenshot?