Solved: subsearch using dbquery did not show the results ?

chaitat · ‎07-02-2015

I'm having problems using a dbquery command to filter the results of a search.
When I run this search :
| dbquery trams_nw "SELECT daily_report_date,symbol,ytm,updated_date
FROM v_splunk_trade_transaction_updated_date_view where convert(varchar(10),daily_report_date,120) ='2015-06-30'"
[ dbquery trams_nw "SELECT daily_report_date,symbol,ytm,updated_date
FROM v_splunk_trade_transaction_updated_date_view where convert(varchar(10),daily_report_date,120) ='2015-06-30'"
| stats count by symbol
| sort -count
| streamstats dc(symbol) as rank
| where rank=1
| table symbol]
| table symbol ytm

when I got result from this search as below. It's seem that the query in subsearch part not working
symbol ytm
1. CALL2OA 4.45
2. CALL2OA 4.36
3. CALL66A 2.80
4. C15O22A 1.46
5. C15O22A 1.61
6. C15O22A 1.47
7. C15O22A 1.70
8. C15O22A 1.67

the result should be like this
1. C15O22A 1.465

martin_mueller · ‎07-02-2015

Modify your search like this and try again:

| dbquery ...
| search [dbquery ...]
| ...

Basically, add a search command before the second dbquery.

View solution in original post

martin_mueller · ‎07-02-2015

Modify your search like this and try again:

| dbquery ...
| search [dbquery ...]
| ...

Basically, add a search command before the second dbquery.

chaitat · ‎07-07-2015

Thankyou verymuch martin_mueller. It's working as I want.

subsearch using dbquery did not show the results ?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk