Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rahmatn
rahmatn
Path Finder
Member since:
09-01-2014
03-18-2022
Community Statistics
| Posts | 12 |
| Solutions | 1 |
| Karma Given | 3 |
| Karma Received | 9 |
| Member Since | 09-01-2014 |
Activity Feed
- Got Karma for Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. 12-01-2022 10:48 AM
- Got Karma for Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. 10-13-2022 06:59 AM
- Got Karma for Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. 10-11-2022 09:04 AM
- Got Karma for Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. 07-05-2022 01:14 AM
- Got Karma for Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1.. 06-17-2022 06:47 AM
- Posted Re: Can we delete the data from lookup file created ?? on Getting Data In. 03-17-2022 09:05 PM
- Posted Re: outer join not working with index, but works with inputlookup on Splunk Search. 03-13-2022 09:36 PM
- Posted Re: outer join not working with index, but works with inputlookup on Splunk Search. 03-09-2022 04:49 PM
- Posted Re: outer join not working with index, but works with inputlookup on Splunk Search. 03-09-2022 01:18 AM
- Posted Why is outer join working with inputlookup but not with index? on Splunk Search. 03-08-2022 10:15 PM
- Karma Re: compare data that not include in lookup file for gcusello. 02-10-2022 05:33 AM
- Posted Re: compare data that not include in lookup file on Splunk Search. 02-10-2022 02:56 AM
- Posted Re: compare data that not include in lookup file on Splunk Search. 02-10-2022 02:55 AM
- Karma Re: compare data that not include in lookup file for gcusello. 02-10-2022 02:54 AM
- Posted compare data that not include in lookup file on Splunk Search. 02-10-2022 02:00 AM
- Posted Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. on All Apps and Add-ons. 05-18-2021 02:56 AM
- Posted Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. on All Apps and Add-ons. 04-14-2021 01:51 AM
- Karma Re: Error in 'dbxquery' command: External search command exited unexpectedly with non-zero error code 1. for hpbrand. 04-14-2021 01:49 AM
- Posted Re: DBXQuery where not in index data on Splunk Search. 10-21-2020 08:33 PM
- Posted DBXQuery where not in index data on Splunk Search. 10-21-2020 08:03 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
03-17-2022
09:05 PM
this work for me, you may try | inputlookup <lookup_name> | head count=1 | outputlookup <lookup_name>
... View more
03-13-2022
09:36 PM
hi @ITWhisperer , Yes you are right, the subsearch has been truncated when i use index (max 50.000 events), that's why the result not shown as i expected, different result if i'm using inputlookup as subsearch since the data in the csv only sample data (<5000 events) again thanks for you enlightenment, so i need to figure out another way
... View more
03-09-2022
04:49 PM
result from dbxquery is depend on transaction data, but average 90-100 transaction i need to compare it with another data which is stored in index. when using join outer with inputlookup, the filter is working well, but when using join outer with index, it looks like not filter at all
... View more
03-09-2022
01:18 AM
Hi @ITWhisperer , Thanks for your response, the data in the index > 1.5M events, i don't thinks if csv can handle that amount Like i said, if i'm outer joining main search and index as subsearch, i can't get result filtered but when i'm using inputlookup the result has filtered well Or may be i have wrong understanding in joining the index ?
... View more
03-08-2022
10:15 PM
Hi All, I have transaction data from a database and want to compare it with an index in splunk, filtering the transaction data which is has not exist in the index Have query like this :
| dbxquery connection=monsplunk query="select userid, acctno, trxamt, trxstatus from "appdb"."apppymt" where accttyp is null "
| join type=outer userid
[search index=trxpayment_idx | fields userid]
| eval mark = if (isnull(userid),"blank",userid)
|search mark=blank
|table userid, acctno, trxamt, mark
when run the query above, the result still shown all data from transaction without filter from index data opposite result with lookup, using a same query and only change index in to inputlookup :
| dbxquery connection=monsplunk query="select userid, acctno, trxamt, trxstatus from "appdb"."appymt" where accttyp is null "
| join type=outer userid
[|inputlookup trxpayment.csv]
| eval mark = if (isnull(userid),"blank",userid)
|search mark=blank
|table userid, acctno, trxamt, mark
it shown filtered data from lookup file I prefer using index compare to lookup file , because the size of data
any one can help with index ? or if you have alternative it would be preferable too
... View more
02-10-2022
02:55 AM
Hi Guiseppe, Thanks for your response, but it not solve my case Actually the transaction data coming from SQL and the lookup is in the splunk so i have to run the SQL query first and then using lookup command as subsearch i cannot use "NOT" before the subsearch, or may be i
... View more
02-10-2022
02:00 AM
Dear All, Need your help I have case to compare transaction data with lookup file, for example i have lookup file account.csv it contain : Name AccountNo Jack 1234 Bobby 4321 Bobby 3214 Donny 7890 and then i have daily transaction like : Name AccountNo Amount Bobby 4321 1000 Jack 1234 500 Donny 7890 500 Bobby 8888 5000 i want to marking this daily transaction base on Name that has no AccountNo in lookup table account.csv the marking can be a note or something else thanks in advance for your help Rahmat
... View more
Labels
- Labels:
-
other
05-18-2021
02:56 AM
Have you find it under default ?
... View more
04-14-2021
01:51 AM
5 Karma
in my case just put "#" in front of [dbxquery] filename = java.path in local/commands.conf
... View more
10-21-2020
08:33 PM
hi all, Thank you for allow your time to see this question, finally i found the query that i'm looking for. I have to add another field from index, if it empty then it must be negative data that will show on result, and change join type to outer : | dbxquery connection=monsplunk query="select CREATED_BY, BILLER_CUST_ID, BILLER_NAME, TRX_AMT as AMOUNT from "APPDB"."TBL_APP_PYMT_PURCHASE"" | join type=outer CREATED_BY [| search index=mobile_purchase_idx latest=now | fields CREATED_BY, Note] |where isnull (Note) | table CREATED_BY, BILLER_CUST_ID, BILLER_NAME Thanks all
... View more
10-21-2020
08:03 PM
Hi Splunkers, Need your help, i have DBXQuery like this : | dbxquery connection="myconn" query="sdbxquery connection=monsplunk_ibank query="select CREATED_BY, BILLER_CUST_ID, BILLER_NAME, TRX_AMT as AMOUNT from "APPDB"."TBL_APP_PYMT_PURCHASE"" and i want to filter the data where CREATED_BY not in : index=mobile_purchase_idx | fields CREATED_BY I have tried using join type inner but the result still show all data from the index, not the negative, this is my query : | dbxquery connection=monsplunk query="select CREATED_BY, BILLER_CUST_ID, BILLER_NAME, TRX_AMT as AMOUNT from "APPDB"."TBL_APP_PYMT_PURCHASE"" | join type=inner CREATED_BY [| search index=mobile_purchase_idx latest=now | fields CREATED_BY] | table CREATED_BY, BILLER_CUST_ID, BILLER_NAME
... View more
- Tags:
- dbxquery
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-18-2022
12:51 AM
|
Karma from
