Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add a DBConnect Input to Dashboard

dgwann
Explorer
‎10-06-2023 08:19 AM

I have a DBConnect Input defined that produces the following output:

DateGroup_NameNumber_of_Submissions

2023-10-02

Apple780
2023-10-03Apple1116
2023-10-04Apple1154
2023-10-05Apple786
2023-10-06Apple699

2023-10-02

Banana358
2023-10-03Banana760
2023-10-04Banana254
2023-10-05Banana1009
2023-10-06Banana876

2023-10-02

Others1265
2023-10-03Others1400
2023-10-04Others257
2023-10-05Others109
2023-10-06Others1709

 

I want to have this data displayed on a Dashboard as a multi-line chart, x-axis is the Date, y-axis is the Number of submissions, and there should be different color lines representing the different groups.  I am new to Splunk.  Very new.  I need succinct instructions pls.  Thanks!!!

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-06-2023 08:27 AM

Hi @dgwann,

let me understand: do you want to use DB-Connect to extract data from a DB saving them in an index and then search on the index or directly execute the query run-time on the DB and display results?

the second option doesn't consume license but surely will have very low performces because Splunk DB-Connect was created to extract data from a DB wexecuting query, not to execute runtime queries.

When you'll have the data in an index you can create your search using SPL, something like this:

 

index=your_index
| stats sum(Number_of_Submissions) AS Number_of_Submissions BY Date Group_name

 

if instead you want to run on line queries (I not hint this because it will be more than slowest!), you should try something like this:

 

| dbxquery query="<your_query>" connection="<mySQL<" 
| stats sum(Number_of_Submissions) AS Number_of_Submissions BY Date Group_name

 

for more details see at https://docs.splunk.com/Documentation/DBX/3.14.1/DeployDBX/Commands

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-06-2023 08:27 AM

Hi @dgwann,

let me understand: do you want to use DB-Connect to extract data from a DB saving them in an index and then search on the index or directly execute the query run-time on the DB and display results?

the second option doesn't consume license but surely will have very low performces because Splunk DB-Connect was created to extract data from a DB wexecuting query, not to execute runtime queries.

When you'll have the data in an index you can create your search using SPL, something like this:

 

index=your_index
| stats sum(Number_of_Submissions) AS Number_of_Submissions BY Date Group_name

 

if instead you want to run on line queries (I not hint this because it will be more than slowest!), you should try something like this:

 

| dbxquery query="<your_query>" connection="<mySQL<" 
| stats sum(Number_of_Submissions) AS Number_of_Submissions BY Date Group_name

 

for more details see at https://docs.splunk.com/Documentation/DBX/3.14.1/DeployDBX/Commands

Ciao.

Giuseppe

Reply
Solved! Jump to solution

dgwann
Explorer
‎10-18-2023 05:51 AM

I ended up using the chart command instead of stats and got it to come out correctly.  Thanks again!!

0 Karma
Reply
Solved! Jump to solution

dgwann
Explorer
‎10-06-2023 09:17 AM

I want a dashboard panel to display the line chart, the query should be run in the background every 30 minutes to an hour and update the display.  So I assume I mean that I want to directly execute the query on the DB and display results.  I've created the Input.  Do I need to create an Output?  I don't want to update the database at all, just read it.

0 Karma
Reply
Solved! Jump to solution

dgwann
Explorer
‎10-06-2023 09:08 AM

@gcusello Where do I put those blocks of code you sent?  Do I put them somewhere in the dashboard builder, or in the DBConnect for the Input?  Like I said, I'm very new to this.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-06-2023 10:47 PM

Hi @dgwann,

in the dashboard,

as I said, you should create an input in DB-Connect, indexing results in Splunk and using my first solution in dashboards.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

dgwann
Explorer
‎10-17-2023 12:55 PM

Okay, I'm getting closer.  I get a line chart to show up now.  However, I need 3 different lines representing the 3 different customers and the Number of submissions for each day.  I just need to get the SPL right.  Thanks for your assistance and patience!!

 

Tags (2)
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-17-2023 11:30 PM

Hi @dgwann,

what re the results executing your searches?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

dgwann
Explorer
‎10-12-2023 10:05 AM

I've done exactly as you said, but it's still not working.  What kind of visualization type should I select to get a multi line graph?  I'm running on a clustered environment using SQL Server 2016 and using DBConnect.  My field in the dashboard still says it is waiting for input.  I updated the Indexes.conf files and did the Rolling Restart on the Index Clustering Manager node.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-12-2023 11:29 PM

Hi @dgwann,

if you run a search using dbquery, you should have as result a table that you can display as you like, as every other kind of Splunk panel.

it isn't relevant (for the display) where the data come from.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...