You've got several things to address with regard to this subject. The proper way to get sql data into splunk is via a scripted input. You'd set up a script to pull data from the database, and then have splunk eat that data. Information on that can be found here:
http://www.splunk.com/base/Documentation/latest/Developer/ScriptedInputsIntro
There are some sample scripts in splunk you can take a look at which are referenced in that document. Additionally, this may be useful to you:
http://www.splunk.com/wiki/Apps:DatabaseCollection
With regard to setting up a dashboard, the first thing you need to do is ensure that the fields are being extracted in the manner you expect. You can do that via index time field extractions:
http://www.splunk.com/base/Documentation/latest/Data/Configureindex-timefieldextraction
Once you have the fields extracted in the manner you desire, you'll need to develop a search with the data that you'd like to analyze over the dashboard. Once you have that search, you can finally move on to creating a dashboard.
http://www.splunk.com/base/Documentation/latest/Developer/DashboardIntro
What you are looking to do is completely feasible, though not a trivial task. Following the steps outlined above you should be able to achieve this goal.
SplunkMSE- Splunk searching with mysql - Step By Step Guide
You've got several things to address with regard to this subject. The proper way to get sql data into splunk is via a scripted input. You'd set up a script to pull data from the database, and then have splunk eat that data. Information on that can be found here:
http://www.splunk.com/base/Documentation/latest/Developer/ScriptedInputsIntro
There are some sample scripts in splunk you can take a look at which are referenced in that document. Additionally, this may be useful to you:
http://www.splunk.com/wiki/Apps:DatabaseCollection
With regard to setting up a dashboard, the first thing you need to do is ensure that the fields are being extracted in the manner you expect. You can do that via index time field extractions:
http://www.splunk.com/base/Documentation/latest/Data/Configureindex-timefieldextraction
Once you have the fields extracted in the manner you desire, you'll need to develop a search with the data that you'd like to analyze over the dashboard. Once you have that search, you can finally move on to creating a dashboard.
http://www.splunk.com/base/Documentation/latest/Developer/DashboardIntro
What you are looking to do is completely feasible, though not a trivial task. Following the steps outlined above you should be able to achieve this goal.
Isn't DB Connect and Saved Searches replacing that? I already got saved sql searches (a query) to work at a specified time... now the question is how to set it as data input (specific columns of it, rows, etc or the whole data)
SPP (www.spp.at) is working on an database connector app. So there will be an easy way to connect to databases in the future
To start I'd check out scripted inputs. You can probably use some sort of hard-coded service account with a read-only password to your tables and execute a query from a command line in some short perl or BASH shell script (i.e. mysql). Splunk will basically index the anything from the stdout stream. That will at least get your data in the index so that you can perform query operations against it.
http://www.cyberciti.biz/faq/run-sql-query-directly-on-the-command-line/
http://www.splunk.com/base/Documentation/latest/Developer/ScriptedInputsIntro
Dan
Sorry, your question really doesn't make any sense..can you please rephrase this in a way that's understandable?
Yoda, is this you?