Import data from SQL view with DBConnect

CerielTjuh · ‎03-23-2013

Hi there,

I am try to import data from a SQL Server. Because the tables do not contain all the fiels i want to see i have created a view on the SQL server with some left joins.
I would like to index the data from that SQL view with the Splunk DBConnect app but I receive an error that "Incident" is an invalid Object Name.

My Select code:

SELECT [Incident #]
,[Opened Group:]
,[State:]
,[Open Date & Time]
,[Close Date & Time]
,[Incident Type]
,[Due Date & Time:]
,[First Call Resolution:]
,[Closed Group:]
,[Contact Type]
,[Group Name]
,[Client ID]
,[Login ID Closed By]
,[Asset/Tag #]
,[Department Name]
,[Login ID Opened By]
,[Impact ID:]
,[Urgency ID:]
,[Status ID:]
,[Subject ID]
FROM [SDE].[_SMDBA].[Incident]
WHERE [Incident #] > 10000_

Is it even possible to data input a view from a SQL server or what method should i use?

Thank you in advance!

shogan_splunk · ‎03-27-2013

Assuming you are putting your SQL Statement in the DB Connect, Data Input, view, you need to put the WHERE clause in {{}} brackets, and use the DB Connects passed/substituted variables instead of putting the actual fieldnames\/values, like what you have above.

Excerpt from documentation link:Splunk DB Connect Documentation

To specify a custom query, place the where clause in curly braces {{...}}.

The literal $rising_column$ will be replaced with the name specified in the rising column setting.

The literal ? will be substituted with the checkpoint value.
Example: SELECT * FROM my_table {{WHERE $rising_column$ > ?}}

CerielTjuh · ‎03-28-2013

Sorry, I forgot to mention that I changed the SQL statement to include the WHERE statement but Splunk doesn't recognize the SQL view, only SQL tables..

Import data from SQL view with DBConnect

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!