Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk DB Connect: How to log results of dbquery?

dr_juice
Explorer
‎01-21-2015 01:52 PM

I've connected to an MS SQL database using DB Connect and have a query running that successfully extracts table data. My question is I only get the results of the current query and do not see any events of past queries.

Basically, I want to log the number of active users of an application over time. Other than dumping the query to a text file, and then using that as a secondary input, is there a way to do it with my current SQL query?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dr_juice
Explorer
‎01-22-2015 11:04 AM

I've figured it out by creating a new index and adding a connect statement to the query and referencing the new index name.

| collect index= sourcetype=

They're small outputs (ie. less than 50 rows per query) so I don't think performance is being impacted.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dr_juice
Explorer
‎01-22-2015 11:04 AM

I've figured it out by creating a new index and adding a connect statement to the query and referencing the new index name.

| collect index= sourcetype=

They're small outputs (ie. less than 50 rows per query) so I don't think performance is being impacted.

0 Karma
Reply
Solved! Jump to solution

pmdba
Builder
‎01-21-2015 01:57 PM

Check the documentation for DBConnect. You can create a SQL-based input and index the results just like any other input.

0 Karma
Reply
Solved! Jump to solution

dr_juice
Explorer
‎01-22-2015 10:52 AM

Yes, thanks. My difficulty was applying the documentation to my needs.

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...