Solved: Query SQL DB and ingest results to index?

bpitts2 · ‎10-03-2015

We have a system that stores very valuable data into a SQL database. I'd rather not ingest the entire DB (because it's huge). I'm wondering what strategy I should go with to get just the results of a specific query.

Let's say for example I want to index the the results of something like:

SELECT Count(*)
FROM sample_table
WHERE date > '2015-10-03 00:00:00'

I'd like to do this on an hourly interval. So I was thinking, I could write a script using sqlcmd such as:

sqlcmd -S theServer-d thisDB -E -Q "SELECT Count(*) FROM sample_table WHERE date > '2015-10-03 00:00:00'" -o "SQLOut.txt"

Then I would setup a monitor on that file.

Is there a less rube goldberg way of doing this, maybe using DB Connect 2?

Thanks in advance!

muebel · ‎10-03-2015

Yup, DB Connect is absolutely the way to go with this. You can setup a database input that will basically "tail" a query on the DB, indexing new results as they are found.

View solution in original post

muebel · ‎10-03-2015

Yup, DB Connect is absolutely the way to go with this. You can setup a database input that will basically "tail" a query on the DB, indexing new results as they are found.

Query SQL DB and ingest results to index?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!