I want to be able to do a search of an index with search parameters returned from a database lookup. An example would be a table like:
User Name | Employee ID
Jim 1234
Joe 2345
Then my search could either search the index for all Names or be able to pass an employee id to just return the one name. I would eventually want to create a view with a form where the user can either enter an Employee ID or * for all. I have installed DB Connect and can view the database and run queries but can't figure out how to get the lookup to work from an normal search command from my app. Can anyone tell me if this is possible and if so how it can be done or where I should start with?
Update:
I was able to get this almost working using this search
index=* [ | dbquery "dbName" "SELECT empName FROM tblName where mail='
[email protected]'"]
The problem I am now having is the name is found in one of my indexes but not the other. The difference is in one index the name is upper/lowercase just like the db and it is found. On the ohter is is all lowercase so it doesn't seem to find it. I have tried using LOWER(empName) inside the sql cmd and also eval lower([.....]) but neither return any results. I know splunk is supposed to be case insensitive but I have found some posts that say that may not be true for some types of data. Anyone have any ideas how I can get this last piece to work.
... View more