Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to extract the table name from a database having some entries with some particular suffix?

itmonitoring
Explorer
‎12-19-2014 08:26 AM
 
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-22-2014 09:15 AM

You can let DB Connect run any SQL query, index the results, and search/alert on those results within Splunk.

That's very generic, but I need more info for a more specific answer. Post details about what you need, what you've tried, and so on.

0 Karma
Reply

itmonitoring
Explorer
‎12-22-2014 08:41 AM

I have installed sblunkdb connect for some host with some database details now is it possible i can produce a query for extracting name of some particular tables LIKE %err having some update in last five minutes ?

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎12-22-2014 07:46 AM

Let me see if I have this correct:

Splunk is reading in data from some tables. You need to have a search in Splunk that displays the rows of those tables that match %_ERR within the last 5 minutes?

If so, something like the below may be all you need:

index=<whatever> source=<include other filtering to get just your records> %_ERR

or perhaps 

index=<whatever> source=<include other filtering to get just your records> *_ERR*

Then set your timeline to be "5 minute window."

If that's not the right question, please post some more complete information about exactly what it is you are trying to do, perhaps with a few short samples of the data, and I'm sure we can help.

0 Karma
Reply

itmonitoring
Explorer
‎12-19-2014 09:56 AM

We are looking to extract name of tables from database in which we got some latest entries say in last five minutes and table name should be like '%_ERR'

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-19-2014 11:11 AM

So you're trying to determine which *_ERR tables have changed in the last 5 minutes? What kind of database? How would you do this using a typical client for that database?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

itmonitoring
Explorer
‎12-19-2014 12:11 PM

We have already set splunkdb connect and database is oracle,so Just trying to figure out the way.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-19-2014 09:49 AM

A little more info about what exactly you are trying to do would be helpful.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...