As per the response from Splunk Education team
"This is data that is downloaded and ingested during the module for lab 4. It is not tied to the DB Connect app. It is a standard Database Audit log output from a Postgres database"
So in case Lab 9 Task 6 does not work, go back to Lab 4.
hello there,
task 6 in exercise 9 is about showperc on the access_combine data
" Use the showperc option of top to remove percent from the display. "
please take another look at lab module 4 and verify you followed all the steps to index the db_audit csv file
hope it helps
task 6 in exercise 9 is using the stats avg command on the db_audit database to find the duration of each of the queries. I am also having the same problem of no results being found. I also tried to search all of the db_audit and still got the error that no results were returned. I re-uploaded the data and am still having the same results. Thank you if anyone can help.
Can you add the detailed step and query from the Task which is not running? Is it index=_audit or db_audit?
I think db_audit sourcetype is applicable for DB Connect App. However, if you are going through Lab exercises to practice and test some commands, you can apply them to some other sourcetype and change field names accordingly. Can you please add the search which you want to practice?
If you just want to practice the top command, you can try the following run-anywhere search, as long as you have access to query Splunk's _internal index:
index=_internal sourcetype=splunkd log_level="ERROR"
| top 10 component showperc=f showcount=t
For us to help you with the specific issue with your query, you might have to add the query and sample data here.