Solved: Re: Query SQL DB and ingest results to index?

bpitts2 · ‎10-03-2015

We have a system that stores very valuable data into a SQL database. I'd rather not ingest the entire DB (because it's huge). I'm wondering what strategy I should go with to get just the results of a specific query.

Let's say for example I want to index the the results of something like:

SELECT Count(*)
FROM sample_table
WHERE date > '2015-10-03 00:00:00'

I'd like to do this on an hourly interval. So I was thinking, I could write a script using sqlcmd such as:

sqlcmd -S theServer-d thisDB -E -Q "SELECT Count(*) FROM sample_table WHERE date > '2015-10-03 00:00:00'" -o "SQLOut.txt"

Then I would setup a monitor on that file.

Is there a less rube goldberg way of doing this, maybe using DB Connect 2?

Thanks in advance!

muebel · ‎10-03-2015

Yup, DB Connect is absolutely the way to go with this. You can setup a database input that will basically "tail" a query on the DB, indexing new results as they are found.

View solution in original post

muebel · ‎10-03-2015

Yup, DB Connect is absolutely the way to go with this. You can setup a database input that will basically "tail" a query on the DB, indexing new results as they are found.

Query SQL DB and ingest results to index?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!