Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

DB Lookup using SQL Server

dbuchanan46
New Member
‎05-05-2014 02:18 PM

Hello,

I have a simple search containing clientid that relates back to an ID in one of my SQL Server tables. The search is:

sourcetype="twitter.newIndex.stats" | chart count by clientId | sort -count by clientId

In my SQL Server Clients table I have a field called provId that is the same as ClientId in my Splunk search. I would like to display the Clients desciption(clientProj) based on this relationship. I've created the connection to the database and I have used DB Connect to create a query that displays all the project descriptions based on the same client ID. The actual query is:

SELECT provId, clientProj FROM dbo.Clients

What is the easiest way to use this query as a lookup within my Splunk Search? My clients will grow over time, so the table is not static.

Thanks for your help.

0 Karma
Reply

ilink_splunk
Splunk Employee
Splunk Employee
‎05-08-2014 09:48 AM

Check out the docs for creating a lookup with db connect. Make sure you index your lookup database table first. Also, it is probably best to avoid the dblookup command, at least in production.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...