Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

kvstore lookups from database.

dmcintosh1972
Explorer
‎02-10-2020 10:38 AM

Hi
Please give me any feedback . ideas as to whether I am following the best action.

I have a database table that is occasionally updated / add to. I would like to start using this information in searches as a lookup.

What is the best action to take here?

I had thought of running a search and outputting he data to a KVstore lookup I have tried this but as any record in the table could be updated I am not clear on how to use the Key_field / _key value to pick up the updates.

I have also seen examples using a csv lookup and using joins to merge the old / new data then writing out a new file.

Which method is best for picking up changes that may occur in any field from the database. The records do have a fixed identity field which may help.

Anyone able to recommend best method with an example?

0 Karma
Reply

codebuilder
Influencer
‎02-10-2020 01:19 PM

Use DB Connect. It can hook into your database, automatically generate lookup tables, and keep them updated.

https://splunkbase.splunk.com/app/2686/

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...