Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is it possible to get concat fields through db connect?

ragonfly
New Member
‎02-14-2022 05:48 PM

Hello. I need help with DB data input.

Among the fields of the mariadb table, the field related to time is divided into two.

Both fields are of type varchar.

 

1) The date field stores today's date. ex) 2022215

2) The time field stores the time. Leading zeros are omitted.

ex) 110203000 (hhmmssSSS)

For time fields, leading zeros are omitted.  In the case of 00:02:03, it becomes as follows.

ex) 203000 

As a side note, I know these configurations aren't common, I didn't create them.

In the above situation, to get data through the rising column, the query is structured as follows.

 

select concat(date,lpad(time,'9','0')) as time from ~~~ where time > 1

 

If i execute a query on the db connect setting screen, data is imported normally.

However, once the setup is complete and the query is run on a schedule, the data will not be indexed.

In db connect, if data is artificially processed through a query, can't I get data?

 

thank you.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎02-14-2022 10:03 PM

* You have to add a question mark (?) with where condition and DB Connect would replace the checkpoint value of rising column there. (Please read the instruction in the UI just below the rising column option.)

* You can apply it on artificially generated columns. But last time when I had a similar situation I couldn't able to do it through UI. So I had to create input start in db_inputs.conf from the backend.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...