Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to write dbquery in search

vikas_gopal
Builder
‎02-19-2014 07:01 AM

Hi guys,
Please help me to write a dbquery in search bar.I have the following dbquery
| dbquery "databasename" "select la,ba from abc" .
I want to type this query in search bar as
source=databasename sourcetype=tablename | fields la,ba

I tried but it says invalid source or sourcetype. Please help me to write dbquery in search bar so that Splunk can read it in it's own syntax .....

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 08:30 AM

That's not going to work, Splunk cannot translate SPL into SQL.

What's wrong with using | dbquery databasename "SQL query"?

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 08:30 AM

That's not going to work, Splunk cannot translate SPL into SQL.

What's wrong with using | dbquery databasename "SQL query"?

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 10:10 AM

Running a piece of SQL through dbquery and indexing events from a database are two unrelated concepts, dbquery runs its SQL at search time, no indexing involved.

You can configure DBConnect to run SQL queries on a schedule and index their results, see http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Configuredatabasemonitoring for more info.

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎02-19-2014 10:09 AM

FYI I build connection to oracle database with ODBC and in DBconeect I used "database connection in Splunk manager" option .

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎02-19-2014 09:42 AM

Thanks Martin..in the first line you cleared my doubt and nothing is wrong with |dbquery it works absolutely fine but I am trying to understand the concept how indexing will work with DBconnect.Please correct me if I am wrong , as per my understanding Splunk will act as frontend app if we connect to database using DBConnect app Splunk won't do indexing of the data.If it does then how (I mean at what stage it indexes the data is it at the time of running the query or at the time of connecting database using DBconnect)

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...