Solved: insert the earliest and latest in the DBquery

radomo · ‎10-03-2013

Hello

I'm breaking my brain for make one thing. I recovery the data from External database, in this point no problem, the problem success when I need insert the earliest and latest in the query.

is it possible make this? or in the other hand am I trying something impossible?

I'd tried to resolve with insert the variable into the splunkQuery but nothing.

This is the query

<input type="time">
        <default>Last 7 days</default> 
      </input>
      <searchString>| dbquery mydb limit=1000 "select DATE_FORMAT(en.fechaExpedicion,'%d-%m-%Y') as fecha, sum(something) as adds WHERE DATE(en.date) BETWEEN DATE($earliestTime$)  AND DATE($latestTime$) " | table fecha, * | addtotals fieldname="TOTAL DIA" *
</searchString>

alacercogitatus · ‎10-03-2013

There isn't a previous search to pull earliest/latest times. You could put in fields that take earliest and latest.

<input type="text" token="earliestDBTime" /><input type="text"token="latestDBTime" /> <searchString> |dbquery mydb limit=10000 "select DATE_FORMAT(......) | table fecha * |addtotals fieldname="TOTAL DIA" * </searchString>

View solution in original post

alacercogitatus · ‎10-03-2013

There isn't a previous search to pull earliest/latest times. You could put in fields that take earliest and latest.

<input type="text" token="earliestDBTime" /><input type="text"token="latestDBTime" /> <searchString> |dbquery mydb limit=10000 "select DATE_FORMAT(......) | table fecha * |addtotals fieldname="TOTAL DIA" * </searchString>

radomo · ‎10-03-2013

Thanks for your fast answer, you have gave me a different point of view and I like it.
It's a great solution.

Thanks

insert the earliest and latest in the DBquery

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?