Since in the query below splunk is seaching in outside database, the search takes a lot of time to show results.
| dbquery "MPS" "SELECT * FROM MPS.MPS_MILESTONE WHERE (Design_Element_Name='IPA') AND Report_Milestone!=' ' AND ProjectName='Accelerator_cores'"
Executing that query in the search gives me a result table.
How can i export the result table into a dataset so i can search it with no need to get to the db every time I make a search?
thank you
You can dump it to a CSV file by adding this:
| outputcsv MyCSV
Then you get at it like this:
| inputcsv MyCSV
If this is large, you may cause problems by cluttering up your dispatch directory
You can dump it to a KVStore by setting up a collection
and then adding this:
| outputlookup MyKVStoreLookup
Then you get at it like this:
| inputlookup MyKVStoreLookup
You can dump it to a summary index
like this:
| eval MySpecialField=MySpecialValue | collect MySummaryIndexName
Then you get at it like this:
index=MySummaryIndexName MySpecialField=MySpecialValue
You can dump it to a CSV file by adding this:
| outputcsv MyCSV
Then you get at it like this:
| inputcsv MyCSV
If this is large, you may cause problems by cluttering up your dispatch directory
You can dump it to a KVStore by setting up a collection
and then adding this:
| outputlookup MyKVStoreLookup
Then you get at it like this:
| inputlookup MyKVStoreLookup
You can dump it to a summary index
like this:
| eval MySpecialField=MySpecialValue | collect MySummaryIndexName
Then you get at it like this:
index=MySummaryIndexName MySpecialField=MySpecialValue
shouldn't that be ...
| inputlookup MyKVStoreLookup
Quite correct. Fixed now. Thank you for the oversight.
could not ask for better answer and any faster.
thank you very much!!!!