Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Searching in an index ingested from database tables

Sunil2020
Explorer
‎07-05-2020 12:27 PM

Dear Splunkers,

I am trying to achieve below and would like to ask for help in suggestions, solutions or pointers for the same.

Scenario:

I have two database tables A and B and both are related by unique identifier (i.e. order number). We have a situation where there are cases which are taking more time to process the orders (say more than 15 minutes) which can be found from table A. Table B has data in terms of events occurred during order placed and order served. 

  1) We would like to see what's going on for the orders which is taking more time than 15 minutes. There could be reasons like rush hours, counter operator is not available, more customers due to some offers or something.

 2) How best can we derive the patterns for the give data?

How best we can write searches and create reports or dashboards to achieve the above scenario to demonstrate operational efficiency of a store? 

Your help is highly appreciated.

Labels (2)
Labels
Tags (1)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-05-2020 12:47 PM

Hi

basically you have two option (probably you should mix them?).

- collect needed log files from app servers to get audit and technical trail 

- use DB Connect to get data directly from DB

to said what is the best way needs more information of your systems. 
r. Ismo

0 Karma
Reply

Sunil2020
Explorer
‎07-05-2020 11:41 PM

Hi @isoutamo 

Thank you for your inputs. I am using DB connect and got the data from both tables into spunk.

Table A has nearly 100000 records where Table B has more than 4 million records. Using data from table A where i can find how many orders took long time. Table B data will give me details like who (user) has served that order and what he (user) was doing (might have other orders, or any other reasons) between the time order came in and served.

I need pointers to build search query for above scenario.

 

Thank You.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-05-2020 11:50 PM

Hi

based on your current information, I create an alert or report which figure out with DBX from table A which transactions take too long and then enrich that data from table B data already in Splunk. That could be also a dashboard. 
r. Ismo

0 Karma
Reply

Sunil2020
Explorer
‎07-06-2020 12:09 AM

Thank you @isoutamo 

As of now i have static data for 15 days ingested in the splunk to be analyzed and i am struggling with search query basically. Table A gives me orderID which took longer while table B gives me user who processed the order and also how many other task or activity for that user during that timeframe (from order came in to order processed).

Can you please help me with search query for above case?

 

 

Thank You.

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...