Splunk® DB Connect

Deploy and Use Splunk DB Connect

Download manual as PDF

This documentation does not apply to the most recent version of DBX. Click here for the latest version.
Download topic as PDF

db_lookups.conf.spec

[<name>]
description = <value>
# Description for this lookup

lookupSQL = <value>
# Indicates the SQL for lookups.

connection = <value>
# Indicates the connection of database to work on.

input_fields = <value>
# Indicates the input fields for lookups.

output_fields = <value>
# Indicates the output fields after lookups.

ui_query_mode = (simple|advanced)
# optional
# specify whether the ui should use simpple mode or adanced mode for SQL queries

ui_query_catalog = <value>
# optional
# in simple mode, this value will be pre-populated into the catalog dropdown

ui_query_schema = <value>
# optional
# in simple mode, this value will be pre-populated into the schema dropdown

ui_query_table = <value>
# optional
# in simple mode, this value will be pre-populated into the query dropdown

ui_input_spl_search = <value>
# optional
# the splunk spl search which will be used for choosing lookup input_fields

ui_input_saved_search = <value>
# optional
# the splunk saved search which will be used for choosing lookup input_fields

ui_use_saved_search = (true|false)
# optional
# if true, then ui will use ui_input_saved_search
# if false, then ui will use ui_input_spl_search

ui_query_result_columns = <value>
# optional
# JSON encoded array of query result columns
# stores the columns from the associated lookupSQL

ui_column_output_map = <value>
# optional
# JSON mapping from db result column to field name

ui_field_column_map = <value>
# optional
# JSON mapping from search result field to db column

Example:

[test_lookup]
lookupSQL = SELECT * FROM `sakila`.`actor`
connection = test_connection
input_fields = test_input_field
output_fields = actor_id
ui_query_mode = simple
ui_query_catalog = sakila
ui_query_schema = NULL
ui_query_table = actor
ui_input_spl_search = index=main | stats count(*) by test_input_field
ui_use_saved_search = 0
ui_query_result_columns = [{"name":"actor_id"},{"name":"first_name"},{"name":"test_input_field"},{"name":"last_update"}]
ui_column_output_map = [{"removable":false,"label":"actor_id","value":"actor_id","name":"actor_id","alias":"output_actor_id"}]
ui_field_column_map = [{"name":"test_input_field","selected":true,"removable":true,"label":"test_input_field","value":"test_input_field","alias":"test_input_field"}]
PREVIOUS
db_outputs.conf.spec
  NEXT
identities.conf.spec

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters