Solved: Re: Splunk DB Connect 1: Where do I put the token ...

kavyaa · ‎06-24-2015

Hi,

I'm using Splunk 6.2.3 and DB Connect 1. I have connected to an Oracle database. I have applied an input drilldown on a chart, but it is showing "error in dbquery command". this command must be in first search". Please help me and share any document for this.

Thanks in advance,
A.kavya.

fdi01 · ‎06-24-2015

try like:

 | dbquery Oracle limit=1000 "SELECT DISTINCTn EFZ_VIEW_DWT_CBS_GL_BAL.COMPANY_CODE as Subsidiary,n EFZ_VIEW_DWT_CBS_ ...."|eval your_field_name="$field1$"|where your_filter_field=your_field_name|....

View solution in original post

fdi01 · ‎06-24-2015

try like:

 | dbquery Oracle limit=1000 "SELECT DISTINCTn EFZ_VIEW_DWT_CBS_GL_BAL.COMPANY_CODE as Subsidiary,n EFZ_VIEW_DWT_CBS_ ...."|eval your_field_name="$field1$"|where your_filter_field=your_field_name|....

kavyaa · ‎06-24-2015

Yes. Thank you verymuch. I have already got it. I have tried like that same process

fdi01 · ‎06-24-2015

i happy for you.

srinathd · ‎06-24-2015

dbquery command must exist as the first word in the query. you can use token fields inside the query or later part.

Splunk DB Connect 1: Where do I put the token name in a dbquery search string for a chart drilldown?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life