Splunk® DB Connect

Deploy and Use Splunk DB Connect

This documentation does not apply to the most recent version of Splunk® DB Connect. For documentation on the most recent version, go to the latest release.

db_lookups.conf.spec

[<name>]
description = <value>
# Description for this lookup

lookupSQL = <value>
# Indicates the SQL for lookups.

connection = <value>
# Indicates the connection of database to work on.

input_fields = <value>
# Indicates the input fields for lookups.

output_fields = <value>
# Indicates the output fields after lookups.

ui_query_mode = (simple|advanced)
# optional
# specify whether the ui should use simpple mode or adanced mode for SQL queries

ui_query_catalog = <value>
# optional
# in simple mode, this value will be pre-populated into the catalog dropdown

ui_query_schema = <value>
# optional
# in simple mode, this value will be pre-populated into the schema dropdown

ui_query_table = <value>
# optional
# in simple mode, this value will be pre-populated into the query dropdown

ui_input_spl_search = <value>
# optional
# the splunk spl search which will be used for choosing lookup input_fields

ui_input_saved_search = <value>
# optional
# the splunk saved search which will be used for choosing lookup input_fields

ui_use_saved_search = (true|false)
# optional
# if true, then ui will use ui_input_saved_search
# if false, then ui will use ui_input_spl_search

ui_query_result_columns = <value>
# optional
# JSON encoded array of query result columns
# stores the columns from the associated lookupSQL

ui_column_output_map = <value>
# optional
# JSON mapping from db result column to field name

ui_field_column_map = <value>
# optional
# JSON mapping from search result field to db column

Example: 

[test_lookup]
lookupSQL = SELECT * FROM `sakila`.`actor`
connection = test_connection
input_fields = test_input_field
output_fields = actor_id
ui_query_mode = simple
ui_query_catalog = sakila
ui_query_schema = NULL
ui_query_table = actor
ui_input_spl_search = index=main | stats count(*) by test_input_field
ui_use_saved_search = 0
ui_query_result_columns = [{"name":"actor_id"},{"name":"first_name"},{"name":"test_input_field"},{"name":"last_update"}]
ui_column_output_map = [{"removable":false,"label":"actor_id","value":"actor_id","name":"actor_id","alias":"output_actor_id"}]
ui_field_column_map = [{"name":"test_input_field","selected":true,"removable":true,"label":"test_input_field","value":"test_input_field","alias":"test_input_field"}]
Last modified on 19 June, 2017
db_outputs.conf.spec   identities.conf.spec

This documentation applies to the following versions of Splunk® DB Connect: 3.0.0, 3.0.1, 3.0.2, 3.0.3

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters