Solved: Splunk DB Connect: How to get dbquery to respect t...

bruceclarke · ‎11-19-2014

All,

I'd like to do something like the following

| dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > '$earliest$'"

replacing $earliest$ with the value of the earliest timestamp from the time range picker. I see a bunch of somewhat related answers on here, but nothing quite like what I am hoping for.

So, how can I get a dbquery command to respect the time range that I have picked on my timerange picker.

Thanks!

bruceclarke · ‎12-01-2014

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

View solution in original post

bruceclarke · ‎12-01-2014

I was able to use @sowings answer from this question. I prefer @sowings' answer to @ziegfried's, because it avoids having to pull possibly millions of records into Splunk prior to filtering by time. This best fits my use case.

I also created a search macro to make it easier to use. Thanks all!

Splunk DB Connect: How to get dbquery to respect time range picker?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

Splunk DB Connect: How to get dbquery to respect time range picker?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases