Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DB Connect 1: Is it possible to get a new field using dbquery that does not exist in an index?

sfatnass
Contributor
‎06-15-2015 08:12 AM

Hi

I want to know if it's possible to get a new field from dbquery that does not exist in an index:

index=A 
[|inputlookup file.csv | table field_ip]
| join type=outer fieldA [dbquery ..."select......" |fields + fieldA |rename fieldA as fieldB]
|table fieldB

i tried this, but was not successful. fieldB doesn't exist in index=A, but i need it. How can i do it?

thx

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎06-28-2015 07:52 PM

The right way to do this is a dblookup.

0 Karma
Reply

sfatnass
Contributor
‎06-30-2015 12:27 AM

but the dblookup can return just the first matching line in my database

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Manual Instrumentation with Splunk Observability Cloud: The What and Why

If you've ever worked with distributed systems, you’ve likely felt the pain of a frontend throwing errors, ...

Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and ...

Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and Splunk ES Protecting a ...

It's Customer Success Time at .conf25

Hello Splunkers,   Ready for .conf25? The customer success and experience team is and can’t wait to see you ...
Top