Solved: Splunk DB Connect: How to get dbquery to respect t...

bruceclarke · ‎11-19-2014

All,

I'd like to do something like the following

| dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > '$earliest$'"

replacing $earliest$ with the value of the earliest timestamp from the time range picker. I see a bunch of somewhat related answers on here, but nothing quite like what I am hoping for.

So, how can I get a dbquery command to respect the time range that I have picked on my timerange picker.

Thanks!

bruceclarke · ‎12-01-2014

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

View solution in original post

bruceclarke · ‎12-01-2014

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

Splunk DB Connect: How to get dbquery to respect time range picker?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Splunk DB Connect: How to get dbquery to respect time range picker?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...