Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Passing a field from a database query to another search DB Connect

stephenho
Path Finder
‎03-05-2013 02:14 AM

Hi,

I was playing around with DB connect and it is quite cool. However, when I was trying to make a dashboard out of some tables, I couldn't work out how to pass the values out of the original query.

In the simplest example : -
| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table myValue

appears to give me a blank value. Although if I leave out everything after the first pipe, it does work.

I also plan to use SideView utils to build some dashboards and will I be able to pass values from the query to other modules?

Thanks in advance.

Cheers,

Steve

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-05-2013 12:34 PM

In this particular case you have the problem that Oracle typically returns column names in uppercase. dbquery simply emits the results it gets from the database. So in your example you could fix it by using the column name in upper case in the table command (which is case sensitive).

| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table MYVALUE

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-05-2013 12:34 PM

In this particular case you have the problem that Oracle typically returns column names in uppercase. dbquery simply emits the results it gets from the database. So in your example you could fix it by using the column name in upper case in the table command (which is case sensitive).

| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table MYVALUE
0 Karma
Reply
Solved! Jump to solution

stephenho
Path Finder
‎03-05-2013 12:51 PM

Thanks Ziegfried. Appreciate it!

0 Karma
Reply
Solved! Jump to solution

stephenho
Path Finder
‎03-05-2013 12:30 PM

Here's an example using the HR.employees table. I can't seem to put the value of count(*) into a value to move it into another part of a search. 

C:\Program Files\Splunk\bin>splunk search "|dbquery orcl limit=1000 \"select count(*) as myEmployees from hr.employees\""
MYEMPLOYEES
-----------
        107

C:\Program Files\Splunk\bin>splunk search "|dbquery orcl limit=1000 \"select count(*) as myEmployees from hr.employees\" |table myEmployees"
INFO: No matching fields exist

Does that help?

0 Karma
Reply
Solved! Jump to solution

ziegfried
Influencer
‎03-05-2013 05:29 AM

Please explain in more detail what you want to achieve by "passing values out of the original query".

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...