How to extract the table name from a database having some entries with some particular suffix?

itmonitoring
Explorer
0 Karma

martin_mueller
SplunkTrust

You can let DB Connect run any SQL query, index the results, and search/alert on those results within Splunk.

That's very generic, but I need more info for a more specific answer. Post details about what you need, what you've tried, and so on.

0 Karma

itmonitoring
Explorer

I have installed Splunk DB Connect for some host with some database details. Now, is it possible for me to produce a query for extracting the names of some particular tables LIKE %err having some update in the last five minutes?

0 Karma

Richfez
SplunkTrust

Let me see if I have this correct:

Splunk is reading in data from some tables. You need to have a search in Splunk that displays the rows of those tables that match %_ERR within the last 5 minutes?

If so, something like the below may be all you need:

index=<whatever> source=<include other filtering to get just your records> %_ERR 

or perhaps

index=<whatever> source=<include other filtering to get just your records> *_ERR* 

Then set your timeline to be "5 minute window."

If that's not the right question, please post some more complete information about exactly what it is you are trying to do, perhaps with a few short samples of the data, and I'm sure we can help.

0 Karma

itmonitoring
Explorer

We are looking to extract the names of tables from the database in which we got some latest entries, say in the last five minutes, and the table name should be like '%_ERR'.

0 Karma

richgalloway
SplunkTrust

So you're trying to determine which *_ERR tables have changed in the last 5 minutes? What kind of database? How would you do this using a typical client for that database?

---
If this reply helps you, Karma would be appreciated.
0 Karma

itmonitoring
Explorer

We have already set up Splunk DB Connect and the database is Oracle, so we are just trying to figure out the way.

0 Karma

richgalloway
SplunkTrust

A little more info about what exactly you are trying to do would be helpful.

---
If this reply helps you, Karma would be appreciated.
0 Karma