Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to write dbquery in search

vikas_gopal
Builder
‎02-19-2014 07:01 AM

Hi guys,
Please help me to write a dbquery in search bar.I have the following dbquery
| dbquery "databasename" "select la,ba from abc" .
I want to type this query in search bar as
source=databasename sourcetype=tablename | fields la,ba

I tried but it says invalid source or sourcetype. Please help me to write dbquery in search bar so that Splunk can read it in it's own syntax .....

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 08:30 AM

That's not going to work, Splunk cannot translate SPL into SQL.

What's wrong with using | dbquery databasename "SQL query"?

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 08:30 AM

That's not going to work, Splunk cannot translate SPL into SQL.

What's wrong with using | dbquery databasename "SQL query"?

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-19-2014 10:10 AM

Running a piece of SQL through dbquery and indexing events from a database are two unrelated concepts, dbquery runs its SQL at search time, no indexing involved.

You can configure DBConnect to run SQL queries on a schedule and index their results, see http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Configuredatabasemonitoring for more info.

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎02-19-2014 10:09 AM

FYI I build connection to oracle database with ODBC and in DBconeect I used "database connection in Splunk manager" option .

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎02-19-2014 09:42 AM

Thanks Martin..in the first line you cleared my doubt and nothing is wrong with |dbquery it works absolutely fine but I am trying to understand the concept how indexing will work with DBconnect.Please correct me if I am wrong , as per my understanding Splunk will act as frontend app if we connect to database using DBConnect app Splunk won't do indexing of the data.If it does then how (I mean at what stage it indexes the data is it at the time of running the query or at the time of connecting database using DBconnect)

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...