Solved: Re: DB Connect Timestamp Search Time results

arrowsmith3 · ‎04-11-2013

I have a search time query

| dbquery OEM "SELECT

regexp_replace(d.target_name, '\..*', '') AS output,
d.collection_timestamp,
d.metric_column as Metric_Type,
TO_NUMBER(d.value) as Metric
FROM sysman.mgmt$metric_details d
WHERE d.collection_timestamp >= SYSDATE - 1 and d.target_type = 'host'
and (d.target_name in ('XXX','XXXX','XXXXX','XXX')
or d.target_name like 'XXX-%'
or d.target_name like 'XXXX%'
or d.target_name like 'XXX%')
and d.metric_column = 'cpuUtil' ORDER BY collection_timestamp" | search METRIC_TYPE="cpuUtil"

I would like to leverage splunks dashboard and alerting features but I'm not sure I really need to import the entire table into a splunk index. Ideally I would like to be able to search, present and alert queried data for a time span and compare this to other datasets. My issue is the timestamp. The oracle 11g db is like 4/10/2013 4:16:48 PM %m/%m/%Y %H:%M:%S and is stored in our collection_timestamp column. I see how to fix the timestamp issue through a input stanza but I'm wondering if there is an search time method to convert the time stamp properly? Right now the collection_timestamp is converting to this 1365637246.000

Thanks!

jcoates_splunk · ‎04-11-2013

Hi, I think you're looking for convert's ctime function. http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Convert

View solution in original post

jcoates_splunk · ‎04-11-2013

Hi, I think you're looking for convert's ctime function. http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Convert

DB Connect Timestamp Search Time results

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms