Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

kvstore lookups from database.

dmcintosh1972
Explorer
‎02-10-2020 10:38 AM

Hi
Please give me any feedback . ideas as to whether I am following the best action.

I have a database table that is occasionally updated / add to. I would like to start using this information in searches as a lookup.

What is the best action to take here?

I had thought of running a search and outputting he data to a KVstore lookup I have tried this but as any record in the table could be updated I am not clear on how to use the Key_field / _key value to pick up the updates.

I have also seen examples using a csv lookup and using joins to merge the old / new data then writing out a new file.

Which method is best for picking up changes that may occur in any field from the database. The records do have a fixed identity field which may help.

Anyone able to recommend best method with an example?

0 Karma
Reply

codebuilder
Influencer
‎02-10-2020 01:19 PM

Use DB Connect. It can hook into your database, automatically generate lookup tables, and keep them updated.

https://splunkbase.splunk.com/app/2686/

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...