Splunk Search

Splunk DB Connect 1: Where do I put the token name in a dbquery search string for a chart drilldown?

kavyaa
Explorer

Hi,

I'm using Splunk 6.2.3 and DB Connect 1. I have connected to an Oracle database. I have applied an input drilldown on a chart, but it is showing "error in dbquery command". this command must be in first search". Please help me and share any document for this.

Thanks in advance,
A.kavya.alt text

0 Karma
1 Solution

fdi01
Motivator

try like:

 | dbquery Oracle limit=1000 "SELECT DISTINCTn EFZ_VIEW_DWT_CBS_GL_BAL.COMPANY_CODE as Subsidiary,n EFZ_VIEW_DWT_CBS_ ...."|eval your_field_name="$field1$"|where your_filter_field=your_field_name|....

View solution in original post

fdi01
Motivator

try like:

 | dbquery Oracle limit=1000 "SELECT DISTINCTn EFZ_VIEW_DWT_CBS_GL_BAL.COMPANY_CODE as Subsidiary,n EFZ_VIEW_DWT_CBS_ ...."|eval your_field_name="$field1$"|where your_filter_field=your_field_name|....

kavyaa
Explorer

Yes. Thank you verymuch. I have already got it. I have tried like that same process

fdi01
Motivator

i happy for you.

0 Karma

srinathd
Contributor

dbquery command must exist as the first word in the query. you can use token fields inside the query or later part.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...