Hi All,
I want to pass the value to the db query in the splunk search . Please let me know is their anyway and provide me example.
my Query:
Am not able to pass the value to the dbQuery and getting error please help.
| eval grName="'CMT%'" | dbquery Remedy "SELECT Organization, Group_Name FROM tableName where Assignment_Support_Organization like " + grName
Thanks
Sathish R
You can pass values from the results to another search using the map
command. In your case, it'd look something like this:
base search producing grName fields | map search="dbquery Remedy \"SELECT Organization, Group_Name FROM tableName where Assignment_Support_Organization like $grName$\""
One important thing to note: This will launch one search for every result produced by the search pipeline before the map. If you want to launch a lot of searches you'll need to modify the safeguard maxsearches
parameter that stops accidental floods of searches from happening. See http://docs.splunk.com/Documentation/Splunk/6.0.2/SearchReference/map for reference.
Thank you Marty... I will check and post my comment