Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

joining multiple select statements in dbxquery

kishen2017
Path Finder
‎12-12-2017 04:53 AM

How to join multiple select statements in dbxquery
Need to display output as
Total Defects 532
Open defects 147
Closed defect 385
I have individual select statements for each row
select count(bug_id) as "Total Defects" from bug
select count(bug_status) as "Open defects" from bug where bug_status='Open'
select count(bug_status) as "Open defects" from bug where bug_status='Close'

Need to know how to join these individual select statements on dbxquery to produce output as mentioned.

Tags (1)
0 Karma
Reply

sandyIscream
Communicator
‎12-12-2017 05:24 AM

Hi Kishen2017,

This is possible in Splunk. Try to construct your query like the below format.

| dbxquery query="select count(bug_id) as "Total Defects" from bug" connection="your connection name" | appendcols [| dbxquery query="select count(bug_status) as "Open defects" from bug where bug_status='Open'" connection="your connection name" ] | appendcols [| dbxquery query="select count(bug_status) as "Open defects" from bug where bug_status='Close'" connection="your connection name"]

You can try by replacing append with appendcols also. (this is as per your convenient)

Reply

kishen2017
Path Finder
‎12-12-2017 05:46 AM

Thanks a lot for your input

0 Karma
Reply

davebrooking
Contributor
‎12-12-2017 05:54 AM

Another alternative would be to use the SQL UNION operator. So you'd have a single dbxquery that executed the SQL statement

select count(bug_id) as "Total Defects" from bug
UNION
select count(bug_status) as "Open defects" from bug where bug_status='Open'
UNION
select count(bug_status) as "Open defects" from bug where bug_status='Close'

Regards

Dave

0 Karma
Reply

cmerriman
Super Champion
‎12-12-2017 05:20 AM

can you try something like this:

|dbxquery connection=db maxrows=0 shortnames=t query="select bug_id, bug_status from bug where bug_status in('Open','Close')"|eval open_defects=if(bug_status="Open",1,0)|eval closed_defects=if(bug_status="Close",1,0)|stats count(bug_id) as "Total Defects" sum(open_defects) as "Open Defects" sum(closed_defects) as "Closed Defects"
0 Karma
Reply

kishen2017
Path Finder
‎12-12-2017 05:45 AM

Thanks a lot for your input

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...