Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Import data from SQL view with DBConnect

CerielTjuh
Path Finder
‎03-23-2013 08:12 AM

Hi there,

I am try to import data from a SQL Server. Because the tables do not contain all the fiels i want to see i have created a view on the SQL server with some left joins.
I would like to index the data from that SQL view with the Splunk DBConnect app but I receive an error that "Incident" is an invalid Object Name.

My Select code:

SELECT [Incident #]
,[Opened Group:]
,[State:]
,[Open Date & Time]
,[Close Date & Time]
,[Incident Type]
,[Due Date & Time:]
,[First Call Resolution:]
,[Closed Group:]
,[Contact Type]
,[Group Name]
,[Client ID]
,[Login ID Closed By]
,[Asset/Tag #]
,[Department Name]
,[Login ID Opened By]
,[Impact ID:]
,[Urgency ID:]
,[Status ID:]
,[Subject ID]
FROM [SDE].[_SMDBA].[Incident]
WHERE [Incident #] > 10000_

Is it even possible to data input a view from a SQL server or what method should i use?

Thank you in advance!

0 Karma
Reply

shogan_splunk
Splunk Employee
Splunk Employee
‎03-27-2013 11:52 AM

Assuming you are putting your SQL Statement in the DB Connect, Data Input, view, you need to put the WHERE clause in {{}} brackets, and use the DB Connects passed/substituted variables instead of putting the actual fieldnames\/values, like what you have above.

Excerpt from documentation link:Splunk DB Connect Documentation

To specify a custom query, place the where clause in curly braces {{...}}.

The literal $rising_column$ will be replaced with the name specified in the rising column setting.

The literal ? will be substituted with the checkpoint value.
Example: SELECT * FROM my_table {{WHERE $rising_column$ > ?}}

0 Karma
Reply

CerielTjuh
Path Finder
‎03-28-2013 01:48 AM

Sorry, I forgot to mention that I changed the SQL statement to include the WHERE statement but Splunk doesn't recognize the SQL view, only SQL tables..

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...