Hi everyone,
When I used Splunk DB Connect v1 on MS SQL, I was able to something like that (very simplified):
| dbquery mssql "SELECT GETDATE() AS getdate" | eval _time = getdate | timechart count
But with Splunk DB Connect v2, the datetime is output as string and wasn't recognized as a timestamp, so this doesn't work anymore:
| dbxquery connection=mssql query="SELECT GETDATE() AS getdate" | eval _time = getdate | timechart count
The workaround is to convert the date to timestamp before using it in the timechart:
| dbxquery connection=mssql shortnames=t query="SELECT GETDATE() AS getdate" | eval getdate = strptime(getdate, "%Y-%m-%d %H:%M:%S.%3Q") | eval _time = getdate | timechart count
Is this a desired feature or an issue on my side?
Thanks!
... View more