macro with DBquery

senthilgoa · ‎04-08-2014

Hi
I used macro and its return some results, I want to run dbquery to passing parameter using the macro results
How can i run the Splunk query

example

`testmacro` | map search = "dbquery Database \"SELECT [Change_ID],[Approval_Status_Overall],[Approval_Status_Current],[Assignment_Change_Assignee] FROM [ARSystem].[dbo].[A_Reporting_CHG_Infrastructure_Change_Base_Datamart_AllOpen] where host = $A$\""

here macro result was Asd23400SA
testmacro

Senthil.R

senthilgoa · ‎04-09-2014

Macroname : DB_changes_by_org_grp
macro Content : dbquery DB "SELECT * FROM [ARSystem].[dbo].[A_Reporting_CHG_Infrastructure_Change_Base_Datamart_AllOpen] "
Description : fetches data form SQL

macro name : group
| eval so = "$source$" | eval X =replace(so, "group=", "(Assignment_Support_Group_Name LIKE \"") |eval X =replace(X, "org=", "(Assignment_Support_Organization LIKE \"") | eval Y =replace(X,",", "%\") OR ")|eval Y=Y."%\")"
Description : evaluate where condition based on parameter (splunk where condition)

Final Query
|DB_changes_by_org_grp| where group("group=DBA,org=EAWS,group=Appl,org=PTG")

Description : I wnat run final query like this
dbquery DB "SELECT * FROM [ARSystem].[dbo].[A_Reporting_CHG_Infrastructure_Change_Base_Datamart_AllOpen] " |where (Assignment_Support_Group_Name LIKE "DBA%") OR (Assignment_Support_Organization LIKE "EAWS%") OR (Assignment_Support_Group_Name LIKE "Appl%") OR (Assignment_Support_Organization LIKE "PTG%")

we formed a query but we cant able to run this guery and get the results

BP9906 · ‎07-01-2014

I'm having the same issue. I reported it here:
http://answers.splunk.com/answers/114566/dbquery-command-with-map-command

somesoni2 · ‎04-08-2014

Is the macro eval based? Can you post the macro content?

macro with DBquery

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)