Splunk User Behavior Analytics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to handle if table doesn't exist in a schema?

dezmadi
Path Finder
‎08-26-2022 05:07 AM

Hi,

 

I am running below query, however I am getting error saying relation "analytics_hca_change_indicator_event doesn't exist" even if table doesn't exist in any one of the schema

| koogledimen service=TenantPPASQuery action=AdhocQuery targetGroup="keng03-dev01-ins08-wfm19-dbs" app="Unknown_App/ppas_dheeraj_r9int" schema="_ALL_" query="select date(createdtm), count(*) from analytics_hca_change_indicator_event group by createdtm " | eval envstatus=if(like(scope, "%dev01%"), 1, 0)| eval wfmstatus=if(like(scope, "%wfm19%"), 1, 0) | where envstatus=1 and wfmstatus=1 | eval wfm_schemaname = mvindex(split(scope, "-"), -1).schemaname| eval wfm_schemaname = mvindex(split(scope, "-"), -1)."_".schema_name | chart sum(count) by date,wfm_schemaname

 

How to handle this scenario please?

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...