See all results that match a portion of a field?

kbcuait · ‎04-15-2013

Hi, is it possible to broaden a search with something like this:

| dbquery "dbname" "SELECT fieldname_(*) FROM tablename"

Where the fieldname_ has multiple variations such as fielname_1, fieldname_2, fieldname_3, etc.

Would like to take a look at a glance what is in all of these fields

Thanks 🙂

stefandagerman · ‎04-15-2013

What you could do in that case is to query the database catalog tables for the table you are interested in and get a list of the columns that are defined for that table. Depends on the RDBMS you are using, for DB2, for example, it's something like: "SELECT * from SYSIBM.SYSCOLUMNS where schema="foo" and table="bar".

That would give you the names (and attributes) of all columns for the table. You could easily filter by adding " AND name LIKE "field name_%" if you only want to see the column names that follow a given pattern.

stefandagerman · ‎04-15-2013

For MySQL, it looks like this:
http://dev.mysql.com/doc/refman/5.0/en/columns-table.html

stefandagerman · ‎04-15-2013

As asked, this is really a SQL question and I think the answer in that case is no, I don't think you can use wildcards in database columns. But I think I may be misunderstanding the question.
Can you tell us a bit more of what exactly you are trying to do?

kbcuait · ‎04-15-2013

Hi yes - wanting to use wildcards in columns. Thank appreciate your answer. Have a number of rather cryptic column names and new with this db, was hoping to use Splunk in this case to get a quick feel for what is in them... If need be I will just click through DB Info pages. Thanks for your response

See all results that match a portion of a field?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio