Hi,
I need to be able to:
1) Use Splunk's visualization capabilities (like those available after querying event data -- using the visualization tab) based on SQL data.
2) Correlate data in SQL tables with event data in Splunk.
I have a valid SQL connection. If I go to the connection, see that it's valid/green, click the query tab, and run a query, I get results. Like this (query.png):
But if I go to Splunk --> Search (not within the DB Connect app) and try this query, I get no results. As far as I can tell from what I've read online, the syntax is correct. See this (search.png):
I guess it makes sense that I wouldn't get results here since data in the SQL tables isn't event data. But yet, how do I correlate indexed event data with the data in SQL tables? Is a saved DB Input or DB Lookup required?
Also, is there any good, step-by-step documentation anywhere? I've found some things online, like general concepts for DB lookup and DB input, and some syntax for DB query, but nothing step-by-step.
Thanks in advance.