TDV Adapter for Splunk

Build 21.0.8137

LookUpReport

An example lookup report representing a view based on a saved report in Splunk.

Select

This is an example of a report view. These views are generated from saved reports in Splunk.

The adapter will use the Splunk APIs to process the following query components; the adapter processes other parts of the query client-side in memory.

Saved Search

Runs a saved search, or report, and returns the search results of a saved search. If the search contains replacement placeholder terms, such as $replace_me$, the search processor replaces the placeholders with the strings you specify.

For example:

  • SELECT * FROM mysearch WHERE replace_me='value'

Will generate the following search statement:

  • | savedsearch mysearch replace_me="value"

All replacement placeholder terms will be dynamic and saved as Pseudo-Columns.

All columns support server-side processing for the following operators and functions:

  • Operators: =, <, >, >=, <=, IN, IS NULL, IS NOT NULL, NOT, LIKE
  • Functions: AVG, SUM, MIN, MAX, COUNT, STDEV, STDEVP, VAR, VARP

LIMIT, ORDER BY, GROUP BY, and HAVING are also processed server-side. An exception is the case when in the selected columns, there are fields that are not in the GROUP BY, and GROUP BY, criteria, and limiting are handled client-side.

In the case when an unsupported criteria or function is used, all processing will be completed client-side (except selecting specified fields). This is also the case when a SELECT statement has a column that is not in the GROUP BY clause.

For example, the adapter processes the following queries server-side:

SELECT Country, Subregion as Sub FROM LookUpReport WHERE Iso2 != '123' OR continent = 'Europe' AND iso3 NOT IN ('example_1', 'example_2') ORDER BY Country DESC LIMIT 5 

SELECT AVG(Iso2), Subregion FROM LookUpReport GROUP BY Subregion HAVING AVG(Iso2) > 0 

Columns

Name Type Description
continent String
country String
iso2 String
iso3 String
region_un String
region_wb String
subregion String

Copyright (c) 2022 CData Software, Inc. - All rights reserved.
Build 21.0.8137