Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Passing a field from a database query to another search DB Connect

stephenho
Path Finder
‎03-05-2013 02:14 AM

Hi,

I was playing around with DB connect and it is quite cool. However, when I was trying to make a dashboard out of some tables, I couldn't work out how to pass the values out of the original query.

In the simplest example : -
| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table myValue

appears to give me a blank value. Although if I leave out everything after the first pipe, it does work.

I also plan to use SideView utils to build some dashboards and will I be able to pass values from the query to other modules?

Thanks in advance.

Cheers,

Steve

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-05-2013 12:34 PM

In this particular case you have the problem that Oracle typically returns column names in uppercase. dbquery simply emits the results it gets from the database. So in your example you could fix it by using the column name in upper case in the table command (which is case sensitive).

| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table MYVALUE

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ziegfried
Influencer
‎03-05-2013 12:34 PM

In this particular case you have the problem that Oracle typically returns column names in uppercase. dbquery simply emits the results it gets from the database. So in your example you could fix it by using the column name in upper case in the table command (which is case sensitive).

| dbquery orcl limit=1000 "select count(*) as myValue from tableA" |table MYVALUE
0 Karma
Reply
Solved! Jump to solution

stephenho
Path Finder
‎03-05-2013 12:51 PM

Thanks Ziegfried. Appreciate it!

0 Karma
Reply
Solved! Jump to solution

stephenho
Path Finder
‎03-05-2013 12:30 PM

Here's an example using the HR.employees table. I can't seem to put the value of count(*) into a value to move it into another part of a search. 

C:\Program Files\Splunk\bin>splunk search "|dbquery orcl limit=1000 \"select count(*) as myEmployees from hr.employees\""
MYEMPLOYEES
-----------
        107

C:\Program Files\Splunk\bin>splunk search "|dbquery orcl limit=1000 \"select count(*) as myEmployees from hr.employees\" |table myEmployees"
INFO: No matching fields exist

Does that help?

0 Karma
Reply
Solved! Jump to solution

ziegfried
Influencer
‎03-05-2013 05:29 AM

Please explain in more detail what you want to achieve by "passing values out of the original query".

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...