@thomasroulet
Looks like a small opening for the issue, however need your guidance.
The below query gives me a warning- Unable to run query '| dbxquery connection="EMP-PR" query="select * FROM BIA_BA_EUL.View'.:
Looks it is not recognising the double quotes in the multi word table name properly.
The database is netezza where we give table name as BIA_BA_EUL."View Employee Helpdesk"
splunk_server=ass index="ass_main" host=*pr
| rex field=_raw "(? [0-9]{12})"
| dedup EMPID
| fields EMPID
| stats values(EMPID) as EMPID
| eval EMPID = "'".mvjoin(EMPID, "','")."'"
| map search="| dbxquery connection="EMP-PR" query=\"select * FROM BIA_BA_EUL.\"View Employee Helpdesk\" WHERE \"Employee Number\" in ($EMPID$)\" "
When i change the query to below:
[map]: org.netezza.error.NzSQLException: ERROR: 'select * FROM BIA_BA_EUL.'View Employee Helpdesk' WHERE 'Employee Number' IN ('EMP1','EMP2','EMP3') ANALYZE' error ^ found "'" expecting an identifier found a keyword
However, it looks like Employee Number is being properly passed to the query as input.
splunk_server=ass index="ass_main" host=*pr
| rex field=_raw "(? [0-9]{12})"
| dedup EMPID
| fields EMPID
| stats values(EMPID) as EMPID
| eval EMPID = "'".mvjoin(EMPID, "','")."'"
| map search="| dbxquery connection="EMP-PR" query=\"select * FROM BIA_BA_EUL.'View Employee Helpdesk' WHERE 'Employee Number' in ($EMPID$)\" "
... View more