Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to connect two databases from different servers with join command?

razzeri
Observer
‎01-19-2023 11:55 AM

Hello guys. I received this task at my job, and I still need money in my pocket, so please help me :)) 
I'm in a Network Operational team; maybe this will help you understand better the following description.

So, In a single Splunk search I have to connect 2 databases, from different servers

One DB contains "Incidents"Incident ID, Start time of the Incident (Let's call it A), End time of the incident (B)
The other DB contains  "Call Complaints"The timestamp of each Call complaint (C).

I need to find out the amount of call complaints for each incident. So, if C>=A AND C<=B, we count a call complaint for a specific incident, and we can move on to check the next C timestamp, and so on. 

I have issues right from the start. I tried to connect the databases with the next syntax:

| dbxquery query=[...]  connection=A
| join
              [ dbxquery  query=[...]  connection=B]

But, when I try a table command to see the interesting fields for me (Incident ID, A, B, C), the fields from the joined DB are looking the same on each line..Capture.PNG
Could you please help me with this? 

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎01-19-2023 06:26 PM

Hi @razzeri,

Join command default type is  INNER which tries to match all possible fields. Can you try below?

Assuming connection A is your Incidents table.

| dbxquery query=[...]  connection=A
| join type=left max=0 INCIDENT_NUMBER
              [ dbxquery  query=[...]  connection=B]

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

razzeri
Observer
‎01-19-2023 12:22 PM

I think I need a new "time" field to link with both DB. But how??

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...