JDBC Driver for Splunk

Build 22.0.8462

AlertsInInternalServer

A dataset object in the example InternalServer data model.

Select

This is an example of a dataset view. These views are generated from dataset objects inside a data model. The driver will use the Splunk APIs to process the following query components; the driver processes other parts of the query client-side in memory.

All columns support server-side processing for the following operators and functions:

  • Operators: =, <, >, >=, <=, IN, IS NULL, IS NOT NULL, NOT
  • Functions: AVG, SUM, MIN, MAX, COUNT, STDEV, STDEVP, VAR, VARP

LIMIT, ORDER BY, GROUP BY, and HAVING are also processed server-side. An exception is the case when in the selected columns, there are fields that are not in the GROUP BY, and GROUP BY, criteria, and limiting are handled client-side.

In the case when an unsupported criteria or function is used, all processing will be completed client-side (except selecting specified fields). This is also the case when a SELECT statement has a column that is not in the GroupBy clause.

For example, the driver uses the Splunk APIs to process the following queries.

SELECT Component, Timeendpos as Timeend FROM [AlertsInInternalServer] WHERE Component = 'Saved' OR EventType != '' AND Priority IS NOT NULL AND Linecount NOT IN ('1', '2') ORDER BY Priority DESC LIMIT 5 

SELECT AVG(Suppressed), Priority FROM [AlertsInInternalServer] GROUP BY Priority HAVING AVG(Suppressed) > 0 
You can turn off the client-side execution of the query by setting SupportEnhancedSQL to false in which case any search criteria that refers to other columns will cause an error or inconsistent data.

Columns

Name Type Description
_time Datetime
component String
date_hour Int
date_mday Int
date_minute Int
date_month String
date_second Int
date_wday String
date_year Int
date_zone Int
digest_mode Int
dispatch_time Int
host String
linecount Int
log_level String
priority String
punct String
savedsearch_id String
scheduled_time Int
search_type String
server_alert_actions String
server_app String
server_message String
server_result_count Int
server_run_time Double
server_savedsearch_name String
server_sid String
server_status String
server_user String
source String
sourcetype String
splunk_server String
suppressed Int
thread_id String
timeendpos Int
timestartpos Int
window_time Int

Copyright (c) 2023 CData Software, Inc. - All rights reserved.
Build 22.0.8462