Solved: Splunk DB Connect: How to log results of dbquery?

dr_juice · ‎01-21-2015

I've connected to an MS SQL database using DB Connect and have a query running that successfully extracts table data. My question is I only get the results of the current query and do not see any events of past queries.

Basically, I want to log the number of active users of an application over time. Other than dumping the query to a text file, and then using that as a secondary input, is there a way to do it with my current SQL query?

dr_juice · ‎01-22-2015

I've figured it out by creating a new index and adding a connect statement to the query and referencing the new index name.

| collect index= sourcetype=

They're small outputs (ie. less than 50 rows per query) so I don't think performance is being impacted.

View solution in original post

dr_juice · ‎01-22-2015

I've figured it out by creating a new index and adding a connect statement to the query and referencing the new index name.

| collect index= sourcetype=

They're small outputs (ie. less than 50 rows per query) so I don't think performance is being impacted.

pmdba · ‎01-21-2015

Check the documentation for DBConnect. You can create a SQL-based input and index the results just like any other input.

dr_juice · ‎01-22-2015

Yes, thanks. My difficulty was applying the documentation to my needs.

Splunk DB Connect: How to log results of dbquery?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life