Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Rowcount comparisons on large numbers of database tables

mcomfurf
Path Finder
‎04-27-2015 11:44 AM

I'm working with a customer to run rowcount comparisons between two tables that are replicating data in one direction, from A>B, and alert if the delta between the two is more than x%.

If the results of select count * from DB_A_Table_1 are more than +/- 5% different from the results of select count * from DB_B_Table_1, then we trigger an alert. The POC was against a single pair of tables, and worked so well the customer now wants about 170 pairs of tables compared. I have to imagine there's a more elegant way to do this than to set up 340 DBConnect queries to index and then 170 alerts, though I do want to index rowcount results each time so we can see trends when troubleshooting.

If someone has done this in the past, your guidance is appreciated. If no one pipes up, I will post the solution when I arrive at one, hopefully only slightly balder and greyer then I am at the time of this writing.

Tags (2)
Reply

woodcock
Esteemed Legend
‎05-12-2015 01:48 PM

I vaguely recall (but could not confirm after searching for a bit) that when you first connect to a DB, before you give any dbquery commands, Splunk receives a table summary that includes rowcount and a few other things. If this is true, you can just do connections and no queries and save a bunch of time/effort.

0 Karma
Reply

ppablo
Retired
‎04-27-2015 11:56 AM

Hi @mcomfurf

It'll be helpful for other users if you could provide more details in your post. What version of Splunk are you using? What version of DB Connect? Do you have an expected output/format? What have you tried so far that works or doesn't work? You should always provide as much detail as possible to save people time from asking you all these questions to gather information.

0 Karma
Reply
Get Updates on the Splunk Community!

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...
Top