Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Rising Column

rahul2gupta
Path Finder
‎08-28-2020 03:20 AM

Hi All,

I unable to select Rising column parameter from the following SQL Query.Can someone please help me with this.

select * from
(select to_char(count(1)) as "sessions" from v\\$session),
(select to_char(count(1)) as "processes" from v\\$process),
(select value as "max_sessions" from v\\$parameter where NAME='sessions'),
(select value as "max_processes" from v\\$parameter where NAME='processes'),
(select to_number(substr(output, 33),9999999.99) avg_ash
from table(dbms_workload_repository.ash_report_text( (select dbid from v\\$database), 1, sysdate - interval '5' minute, sysdate, 0))
where output like '%Average Active Sessions%')

Regards,

Rahul

Labels (1)
Labels
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-28-2020 04:15 AM

To use rising column option, your sql query results should have a column which will be incremented by 1 or timestamp.

can you share header?

identify the key column which will be changing when new record is inserted into table.

————————————
If this helps, give a like below.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-28-2020 03:44 AM

Hi @rahul2gupta,

you're using select * this means that you take all the fields from those tables,

As I said in anothe answer, in the fields that you have as output of your query you have to identify one of them that's progressive (always growing), if you haven't you have to create it merging two fields (e.g. date and another field).

Which fields do you have?

Is there a progressive field?

If not, which fields you can use?

I don't know your data so I cannot help more.

As I said, this isn't a Splunk question, it's an SQL question!

Ciao.

Giuseppe

0 Karma
Reply

rahul2gupta
Path Finder
‎08-28-2020 04:42 AM

Can I use LOGON_TIME parameter as a Rising Column(suggested by DBA Team)

It just tell us when the user has logged-in.

Regards,

Rahul

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-28-2020 05:33 AM

Hi @rahul2gupta,

LOGON_TIME could be usable, but in this way you have the risk to take twice an event or loose it if you have two events with the same timestamp at the separation time.

Probably it isn't a great problem.

Ciao.

Giuseppe

0 Karma
Reply

rahul2gupta
Path Finder
‎09-02-2020 07:20 PM

Hi @gcusello ,

When I am trying to save it,I'm encountering the following error.

rahul2gupta_0-1599099509737.png

Regards,

Rahul

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-03-2020 12:07 AM

Hi @rahul2gupta,

it's difficoult in this way, could you share the screen shots of the steps you did?

Ciao.

Giuseppe

0 Karma
Reply

rahul2gupta
Path Finder
‎09-03-2020 12:24 AM

Hi @gcusello ,

Query:

index=main sourcetype=wms_oracle_sessions | bucket span=5m _time | stats count AS sessions by _time,warehouse,machine,program | sum(sessions) AS wsessions by _time,warehouse | timechart avg(wsessions) by warehouse

In which sourcetype=wms_oracle_sessions is missing. 

I tried to create new sourcetype. Please find the screenshot below:

g2.PNG

 

 

Name:wms_oracle_sessions

Input type -- tail

I specified sql query

Rising column --LOGON_TIME

I filled all the columns but when I am trying to save it we are encountering the error.

rahul2gupta_0-1599099509737.png

Please help.

Regards,

Rahul

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-03-2020 12:34 AM

Hi @rahul2gupta,

I think that you flagged "Specify SQL query" and inserted your query or inserted in the field the table you want.

Then you inserted LOGON_TIME in the Rising_Column field and the other Splunk fields.

Only one question: which is the format of LOGON_TIME ? it's in epochtime so you're sure that's always growing or in a different one?

if in a different one, try to transform it in the Oracle query.

Ciao.

Giuseppe

0 Karma
Reply

rahul2gupta
Path Finder
‎09-03-2020 03:38 AM

Hi @gcusello ,

The LOGON_TIME format is as below:
 Name                                                      Type
LOGON_TIME                                         DATE
 
eg. 9/3/2020 7:18:50 PM
 
Regards,
Rahul
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-03-2020 03:45 AM

Hi @rahul2gupta,

you should add a field containing the LOGON_TIME  in epochtime format so you're sure to have an always growing field to use in the Rising_Column.

Ciao.

Giuseppe

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-28-2020 05:27 AM

Of course you can. First run your query as batch. Once results are returned, you can change to rising column and add query suggested in the db connect app.

set checkpoint, in your case choose logon_time and date also login_time.

————————————
If this helps, give a like below.
0 Karma
Reply

rahul2gupta
Path Finder
‎08-28-2020 04:41 AM
Can I use LOGON_TIME parameter as a Rising Column. It just tell us when the user has logged-in.
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...