Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk DB Connect: Is it possible to specify a SQL Query by running an inner join query to use as the database input?

KindaWorking
Path Finder
‎01-12-2015 02:18 PM

In the DB Connect app, when I try to add a Database Input, instead of selecting a Table Name I would like to Specify the SQL Query.
I want to run a very simple join query to use as the input. Is this possible? If so, what am I doing wrong:

select Documents.tmpname, DocumentStatistics.*
From DocumentStatistics
INNER JOIN Documents
On DocumentStatistics.image_id=Documents.image_id;

I am getting the following error when I try to do this (it works fine if I just select the table):

01-13-2015 11:53:46.206 +1100 ERROR AdminManagerExternal - Received malformed XML from external handler:\nFailed to validate: com.splunk.config.SplunkConfigurationException: Error validating dbmonTail for monitor=dbmon-tail://Database/New Data: [New Data] Invalid query " select Documents.tmpname, DocumentStatistics.*\r\r\n From DocumentStatistics\r\r\n INNER JOIN Documents\r\r\n On DocumentStatistics.image_id=Documents.image_id;" without proper {{ ... $rising_column$ > ?}} pattern! with query = ...
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

KindaWorking
Path Finder
‎01-12-2015 06:20 PM

The answer is that I forgot to append the following to my query:
{{WHERE $rising_column$ > ?}}

Now all working. Thanks Musskopf for setting me in the right direction.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

KindaWorking
Path Finder
‎01-12-2015 06:20 PM

The answer is that I forgot to append the following to my query:
{{WHERE $rising_column$ > ?}}

Now all working. Thanks Musskopf for setting me in the right direction.

0 Karma
Reply
Solved! Jump to solution

enriquemr
New Member
‎07-09-2015 02:37 PM

Thanks, have you had a problem with the date in your table? because i have a problen with that, the format is diferente when i import the data of my data bases within splunk.
regards.

0 Karma
Reply
Solved! Jump to solution

KindaWorking
Path Finder
‎01-12-2015 05:04 PM

Thanks musskopf, I have added the error logs to the question

0 Karma
Reply
Solved! Jump to solution

musskopf
Builder
‎01-12-2015 03:33 PM

You should be able to do that, the only thing might preventing you is a duplicated column name. Can you see any errors inside dbx.log file?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...