- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunk DB Connect: Is it possible to specify a SQL...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the DB Connect app, when I try to add a Database Input, instead of selecting a Table Name I would like to Specify the SQL Query.
I want to run a very simple join query to use as the input. Is this possible? If so, what am I doing wrong:
select Documents.tmpname, DocumentStatistics.*
From DocumentStatistics
INNER JOIN Documents
On DocumentStatistics.image_id=Documents.image_id;
I am getting the following error when I try to do this (it works fine if I just select the table):
01-13-2015 11:53:46.206 +1100 ERROR AdminManagerExternal - Received malformed XML from external handler:\nFailed to validate: com.splunk.config.SplunkConfigurationException: Error validating dbmonTail for monitor=dbmon-tail://Database/New Data: [New Data] Invalid query " select Documents.tmpname, DocumentStatistics.*\r\r\n From DocumentStatistics\r\r\n INNER JOIN Documents\r\r\n On DocumentStatistics.image_id=Documents.image_id;" without proper {{ ... $rising_column$ > ?}} pattern! with query = ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The answer is that I forgot to append the following to my query:
{{WHERE $rising_column$ > ?}}
Now all working. Thanks Musskopf for setting me in the right direction.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The answer is that I forgot to append the following to my query:
{{WHERE $rising_column$ > ?}}
Now all working. Thanks Musskopf for setting me in the right direction.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, have you had a problem with the date in your table? because i have a problen with that, the format is diferente when i import the data of my data bases within splunk.
regards.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks musskopf, I have added the error logs to the question
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be able to do that, the only thing might preventing you is a duplicated column name. Can you see any errors inside dbx.log file?
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
