JDBC Driver for Splunk

Build 22.0.8462

LookUpReport

An example lookup report representing a view based on a saved report in Splunk.

Select

This is an example of a report view. These views are generated from saved reports in Splunk.

The driver uses the Splunk APIs to process the following query components and processes the rest of the query client-side, in memory. You can turn off client-side execution of the query by setting SupportEnhancedSQL to false, in which case any search criteria that refer to other columns will cause an error or return inconsistent data.

Saved Search

Runs a saved search, or report, and returns the search results of a saved search. If the search contains replacement placeholder terms, such as $replace_me$, the search processor replaces the placeholders with the strings you specify.

For example:

  • SELECT * FROM mysearch WHERE replace_me='value'

Will generate the following search statement:

  • | savedsearch mysearch replace_me="value"

All replacement placeholder terms will be dynamic and saved as Pseudo-Columns.
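
The following is an added example, not code from the CData documentation: it supplies the placeholder value as a bound JDBC parameter and checks it against an allow-list first, because the value ends up inside the generated search statement. The class name, the allow-list pattern, and the SPLUNK_JDBC_URL environment variable are assumptions; mysearch and replace_me are the names used above, and the driver JAR must be on the classpath for the connection step.

```java
import java.sql.*;
import java.util.regex.Pattern;

public class SavedSearchPlaceholder {
    // Assumption: the saved search expects a short token (host name, user id, ...).
    // Anything outside this allow-list is rejected before it can reach the
    // generated "| savedsearch mysearch replace_me=..." statement.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9_.:@-]{1,64}");

    static String requireSafe(String value) {
        if (value == null || !SAFE.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected placeholder value");
        }
        return value;
    }

    // Binds the value as a JDBC parameter instead of concatenating it into the SQL text.
    static int run(Connection conn, String value) throws SQLException {
        String sql = "SELECT * FROM mysearch WHERE replace_me = ?";
        int rows = 0;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, requireSafe(value));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) rows++;
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample inputs: the second contains a quote and a pipe character.
        for (String v : new String[] {"web-01.example.com", "bad\"value|x"}) {
            try {
                System.out.println("accepted: " + requireSafe(v));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + v);
            }
        }
        // Assumption: SPLUNK_JDBC_URL holds the full connection string for the driver.
        String url = System.getenv("SPLUNK_JDBC_URL");
        if (url != null) {
            try (Connection conn = DriverManager.getConnection(url)) {
                System.out.println(run(conn, "web-01.example.com") + " rows");
            }
        }
    }
}
```

Without SPLUNK_JDBC_URL set, the program only exercises the allow-list check and opens no connection.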

All columns support server-side processing for the following operators and functions:

  • Operators: =, <, >, >=, <=, IN, IS NULL, IS NOT NULL, NOT, LIKE
  • Functions: AVG, SUM, MIN, MAX, COUNT, STDEV, STDEVP, VAR, VARP

LIMIT, ORDER BY, GROUP BY, and HAVING are also processed server-side. The exception is when the selected columns include fields that are not in the GROUP BY clause; in that case GROUP BY, criteria, and limiting are handled client-side.

When an unsupported criterion or function is used, all processing is completed client-side (except selecting the specified fields). This is also the case when a SELECT statement has a column that is not in the GROUP BY clause.

For example, the driver processes the following queries server-side:

SELECT Country, Subregion as Sub FROM LookUpReport WHERE Iso2 != '123' OR continent = 'Europe' AND iso3 NOT IN ('example_1', 'example_2') ORDER BY Country DESC LIMIT 5 

SELECT AVG(Iso2), Subregion FROM LookUpReport GROUP BY Subregion HAVING AVG(Iso2) > 0 

Columns

Name Type Description
continent String
country String
iso2 String
iso3 String
region_un String
region_wb String
subregion String

Copyright (c) 2023 CData Software, Inc. - All rights reserved.