Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is it possible to get concat fields through db connect?

ragonfly
New Member
‎02-14-2022 05:48 PM

Hello. I need help with DB data input.

Among the fields of the mariadb table, the field related to time is divided into two.

Both fields are of type varchar.

 

1) The date field stores today's date. ex) 2022215

2) The time field stores the time. Leading zeros are omitted.

ex) 110203000 (hhmmssSSS)

For time fields, leading zeros are omitted.  In the case of 00:02:03, it becomes as follows.

ex) 203000 

As a side note, I know these configurations aren't common, I didn't create them.

In the above situation, to get data through the rising column, the query is structured as follows.

 

select concat(date,lpad(time,'9','0')) as time from ~~~ where time > 1

 

If i execute a query on the db connect setting screen, data is imported normally.

However, once the setup is complete and the query is run on a schedule, the data will not be indexed.

In db connect, if data is artificially processed through a query, can't I get data?

 

thank you.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎02-14-2022 10:03 PM

* You have to add a question mark (?) with where condition and DB Connect would replace the checkpoint value of rising column there. (Please read the instruction in the UI just below the rising column option.)

* You can apply it on artificially generated columns. But last time when I had a similar situation I couldn't able to do it through UI. So I had to create input start in db_inputs.conf from the backend.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...