Search query does not return any values

pratapa · ‎07-13-2020

User complains that the following query is not returning any values in Splunk.

dbquery wmsewprd "select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"

0 events

Time range picker : All time

when he runs the same query at database end it is returning results.

Following is the query he is running on database.

select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from wmsew.SYS_CODE_TYPE;

Why it is not returning any results when we run in splunk.

anilchaithu · ‎07-13-2020

If the users are trying the SPL you shared here, then The syntax is not correct

Please try this

| dbxquery connection="connection_name" query="select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"

Hope this helps

pratapa · ‎07-14-2020

This worked.

dbquery wmsewprd "select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"

We created database connection under setting->External Databases and after that restarted splunk on the host.

When we tried the below query, it worked.

dbquery wmsewprd "select REC_TYPE, CODE_TYPE, CODE_DESC, SHORT_DESC, USER_ID from SYS_CODE_TYPE"

This issue is resolved.

Are you a member of the Splunk Community?