Splunk Search

Splunk DB Connect: How to get dbquery to respect time range picker?

bruceclarke
Contributor

All,

I'd like to do something like the following

| dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > '$earliest$'"

replacing $earliest$ with the value of the earliest timestamp from the time range picker. I see a bunch of somewhat related answers on here, but nothing quite like what I am hoping for.

So, how can I get a dbquery command to respect the time range that I have picked on my timerange picker.

Thanks!

1 Solution

bruceclarke
Contributor

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

View solution in original post

bruceclarke
Contributor

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...