Splunk Search

See all results that match a portion of a field?

kbcuait
Explorer

Hi, is it possible to broaden a search with something like this:

| dbquery "dbname" "SELECT fieldname_(*) FROM tablename"

Where the fieldname_ has multiple variations such as fieldname_1, fieldname_2, fieldname_3, etc.

Would like to take a look at a glance what is in all of these fields

Thanks 🙂

0 Karma

stefandagerman
Path Finder

What you could do in that case is to query the database catalog tables for the table you are interested in and get a list of the columns that are defined for that table. It depends on the RDBMS you are using; for DB2, for example, it's something like: "SELECT * from SYSIBM.SYSCOLUMNS where schema='foo' and table='bar'".

That would give you the names (and attributes) of all columns for the table. You could easily filter by adding " AND name LIKE 'fieldname_%'" if you only want to see the column names that follow a given pattern.

0 Karma
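The catalog approach from the answer above, carried one step further as an added example that is not part of the original thread: look up the column names that match the prefix, then build the explicit SELECT from them. It assumes SQLite's `pragma_table_info` as a stand-in for the DB2 catalog; the table, columns and data are constructed for the demonstration.

```python
import sqlite3

def matching_columns(conn, table, prefix):
    """Return the columns of `table` whose names start with `prefix` (read from the catalog)."""
    # "_" and "%" are LIKE wildcards: unescaped, 'fieldname_%' would also
    # match a column called 'fieldnameX3'. Escape them so the prefix is literal.
    escaped = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT name FROM pragma_table_info(?) "
        "WHERE name LIKE ? ESCAPE '\\' ORDER BY cid",
        (table, escaped + "%"),  # values are bound, never concatenated
    )
    return [r[0] for r in rows]

def quote_ident(name):
    """Quote an identifier; identifiers cannot be passed as bound parameters."""
    return '"' + name.replace('"', '""') + '"'

def build_select(conn, table, prefix):
    """Build an explicit SELECT listing every column that matches the prefix."""
    cols = matching_columns(conn, table, prefix)
    if not cols:
        raise ValueError("no column of %r starts with %r" % (table, prefix))
    col_list = ", ".join(quote_ident(c) for c in cols)
    return "SELECT {} FROM {}".format(col_list, quote_ident(table))

def demo():
    """Run the lookup against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tablename (id INTEGER, fieldname_1 TEXT, "
        "fieldname_2 TEXT, fieldnameX3 TEXT, other TEXT)"
    )
    conn.execute("INSERT INTO tablename VALUES (1, 'a', 'b', 'c', 'd')")
    sql = build_select(conn, "tablename", "fieldname_")
    return sql, conn.execute(sql).fetchall()

if __name__ == "__main__":
    sql, rows = demo()
    print(sql)
    print(rows)
```

The generated statement is what would then be passed to the database query command in place of the wildcard.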

stefandagerman
Path Finder

As asked, this is really a SQL question and I think the answer in that case is no, I don't think you can use wildcards in database columns. But I think I may be misunderstanding the question.
Can you tell us a bit more of what exactly you are trying to do?

0 Karma

kbcuait
Explorer

Hi yes - wanting to use wildcards in columns. Thanks, appreciate your answer. Have a number of rather cryptic column names and am new with this db, was hoping to use Splunk in this case to get a quick feel for what is in them... If need be I will just click through DB Info pages. Thanks for your response.

0 Karma