Re: DBConnect - Best way to join three tables

UMoritz · ‎01-21-2014

Hi

I've three tables with the following structure in the same Microsoft SQL database:

ApplicationEvent - Columns: id,application_id,message

Application - Columns: id,name, applicationtype_id

ApplicationType - Columns: id, name

I want to get the following row in SPLUNK:
ApplicationEvent.message, Application.name, ApplicationType.name

What's the best way to achieve this?

I've tried automatic lookups, lookup command and join without success.

Thanks in advance

UMoritz · ‎01-22-2014

Hi all

Thanks for your answers. I'll check this.

jpass · ‎01-21-2014

Why not create a 'view' on the database server that joins these tables. Then your dbconnect query is a simple select * from view_name

UMoritz · ‎01-22-2014

Hi jpass

thanks to you, too.

linu1988 · ‎01-21-2014

Yes best think to do, it's waste of resource to do that in splunk..

martin_mueller · ‎01-21-2014

Have you considered joining them in SQL before indexing / loading into Splunk?

DBConnect - Best way to join three tables