Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DB Lookup using SQL Server

dbuchanan46
New Member
‎05-05-2014 02:18 PM

Hello,

I have a simple search containing clientid that relates back to an ID in one of my SQL Server tables. The search is:

sourcetype="twitter.newIndex.stats" | chart count by clientId | sort -count by clientId

In my SQL Server Clients table I have a field called provId that is the same as ClientId in my Splunk search. I would like to display the Clients desciption(clientProj) based on this relationship. I've created the connection to the database and I have used DB Connect to create a query that displays all the project descriptions based on the same client ID. The actual query is:

SELECT provId, clientProj FROM dbo.Clients

What is the easiest way to use this query as a lookup within my Splunk Search? My clients will grow over time, so the table is not static.

Thanks for your help.

0 Karma
Reply

ilink_splunk
Splunk Employee
Splunk Employee
‎05-08-2014 09:48 AM

Check out the docs for creating a lookup with db connect. Make sure you index your lookup database table first. Also, it is probably best to avoid the dblookup command, at least in production.

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...