Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

dbconnect returning data from 2 db's with same field names

Cuyose
Builder
‎08-26-2013 01:50 PM

Splunk doesn't seem to work with the AS operator in SQl, but rather expects you to RENAME after the query. But what do you do if the query returns the same field name in 2 dbs like this? When I try to rename off the "m.first_name" it doesnt work.

| dbquery DATABASE " SELECT m.first_name AS mFirstName,
mb.first_name AS mb_firstname
FROM DATABASE.TABLE1 m,

DATABASE.TABLE2 mb

WHERE m.id = mb.entity_id"

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎08-26-2013 04:52 PM

As some other threads, "AS alias" does not work properly status quo.
I have escaped that you do the following.

ex.
m.first_name+"" AS mFirstName, mb.first_name+"" AS mb_firstname

View solution in original post

Reply
Solved! Jump to solution

rdownie
Communicator
‎08-27-2013 06:02 PM

You can use the Advanced setting when you create your lookup and rename it in the SQL query there. Then it will return as any name you want it to. I had to do this with spaces in column names which Splunk did not know how to handle and it worked great.

0 Karma
Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎08-26-2013 04:52 PM

As some other threads, "AS alias" does not work properly status quo.
I have escaped that you do the following.

ex.
m.first_name+"" AS mFirstName, mb.first_name+"" AS mb_firstname

Reply
Solved! Jump to solution

Cuyose
Builder
‎08-27-2013 06:15 PM

Bam this worked! Thank you!

0 Karma
Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎08-27-2013 05:57 PM

If I could use TRIM, I want you to try and TRIM

trim(m.first_name) AS mFirstName, trim(mb.first_name) AS mb_firstname

Reply
Solved! Jump to solution

Cuyose
Builder
‎08-27-2013 07:57 AM

The first and last names from both tables have values when just running the query against the SQL db. When adding the suggested (AS) syntax fix to the splunk dbquery the new field names are now displayed in the results from the new search but all the first and last name fields for the renamed table return 0's and not the data from the db.

0 Karma
Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎08-26-2013 06:12 PM

What data do you missing? Regularity or is likely something?
My environment is MySQL Server 5.5.

0 Karma
Reply
Solved! Jump to solution

Cuyose
Builder
‎08-26-2013 05:38 PM

This returns the columns now, but doesn't return any data for those renamed columns. running in sql works fine though.

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top