Hi, I have a batch file that executes a SQL Server query using sqlcmd.
The contents of the batch file are:
sqlcmd -i query.sql -X -h -1
The query.sql contains:
set nocount on
go
select "time=" + convert(varchar,getdate(),121)+" count="+cast(count(0) as varchar)
from abc;
go
The output of the query looks like:
time=2011-01-06 11:30:57.533 count=56
Now, I would like to create 2 fields, time and count, and then be able to plot them in a chart or develop alerts on them based on rate of change or last value above threshold.
Questions:
a. How should I change the query to make it easier for Splunk to create 2 fields?
b. I will be running a lot of different queries to look into the data. What is the best way to do this?
c. How do I tell Splunk to use the time as the timestamp?
Thank you.