Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

insert the earliest and latest in the DBquery

radomo
Explorer
‎10-03-2013 08:09 AM

Hello

I'm breaking my brain for make one thing. I recovery the data from External database, in this point no problem, the problem success when I need insert the earliest and latest in the query.

is it possible make this? or in the other hand am I trying something impossible?

I'd tried to resolve with insert the variable into the splunkQuery but nothing.

This is the query

<input type="time">
        <default>Last 7 days</default> 
      </input>
      <searchString>| dbquery mydb limit=1000 "select DATE_FORMAT(en.fechaExpedicion,'%d-%m-%Y') as fecha, sum(something) as adds WHERE DATE(en.date) BETWEEN DATE($earliestTime$)  AND DATE($latestTime$) " | table fecha, * | addtotals fieldname="TOTAL DIA" *
</searchString>
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎10-03-2013 09:46 AM

There isn't a previous search to pull earliest/latest times. You could put in fields that take earliest and latest.

<input type="text" token="earliestDBTime" /><input type="text"token="latestDBTime" />
<searchString> |dbquery mydb limit=10000 "select DATE_FORMAT(......) | table fecha * |addtotals fieldname="TOTAL DIA" * </searchString>

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎10-03-2013 09:46 AM

There isn't a previous search to pull earliest/latest times. You could put in fields that take earliest and latest.

<input type="text" token="earliestDBTime" /><input type="text"token="latestDBTime" />
<searchString> |dbquery mydb limit=10000 "select DATE_FORMAT(......) | table fecha * |addtotals fieldname="TOTAL DIA" * </searchString>

0 Karma
Reply
Solved! Jump to solution

radomo
Explorer
‎10-03-2013 11:44 PM

Thanks for your fast answer, you have gave me a different point of view and I like it.
It's a great solution.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...