You can let DB Connect run any SQL query, index the results, and search/alert on those results within Splunk.
That's very generic, but I need more info for a more specific answer. Post details about what you need, what you've tried, and so on.
I have installed Splunk DB Connect for some host with some database details. Now, is it possible for me to produce a query for extracting the names of some particular tables LIKE %err that have had some update in the last five minutes?
Let me see if I have this correct:
Splunk is reading in data from some tables. You need to have a search in Splunk that displays the rows of those tables that match %_ERR within the last 5 minutes?
If so, something like the below may be all you need:
index=<whatever> source=<include other filtering to get just your records> %_ERR
or perhaps
index=<whatever> source=<include other filtering to get just your records> *_ERR*
Then set your timeline to be "5 minute window."
If that's not the right question, please post some more complete information about exactly what it is you are trying to do, perhaps with a few short samples of the data, and I'm sure we can help.
We are looking to extract the names of tables from the database in which we got some latest entries, say in the last five minutes, and the table name should be like '%_ERR'.
So you're trying to determine which *_ERR tables have changed in the last 5 minutes? What kind of database? How would you do this using a typical client for that database?
We have already set up Splunk DB Connect and the database is Oracle, so we are just trying to figure out the way.
A little more info about what exactly you are trying to do would be helpful.