Sunday 15 February 2015

splunk - What is the best strategy to create and display metadata from this table? -

I'm new to Splunk! I've asked this question on the site but want more ideas, to see if I've missed something in my basic understanding.

I have database updates performed in an ad-hoc way: delete the record, then insert a new record with the new values. A hook to a 'logging' database records each insert/delete operation and the details of the affected record (e.g. timestamp of the operation, id of the record, etc.). I'd like to use Splunk to group these update operations and view them (which field changed when), while bearing in mind normal inserts and deletes.

I am aware that I can input SQL and use Splunk to present the data, but how do I go about creating a new field itself?

Example:

Table customers:

client id | client name | client address
001 | john f | 213 privet drive
002 | kyle | 16 gammon road

Table customers-history:

timestamp | operation | client id | client name | client address
1-dec-2010 09:52:1232 | insert | 002 | kyle | 10 gammon road
2-dec-2010 09:54:9500 | delete | 002 | kyle | 10 gammon road
2-dec-2010 09:54:9900 | insert | 002 | kyle | 16 gammon road
2-dec-2010 09:55:9921 | delete | 003 | josh c | 21 drury lane

In the above example, the 2nd and 3rd logs of the customers-history table show an edit operation, which I want grouped. By 'grouping' I mean having Splunk see the insert-delete operations as edit operations and present the info as such. For example, on the info above Splunk would show 2 records of 'changes' for client 'kyle a': an insert on 1-dec-2010 9:52 and an edit on 2-dec-2010 9:54.

I want Splunk to go through and record changes to the customers table, automatically grouping edit operations as well. How should I do this? Note that the grouping criteria for a record are compound, e.g. client id and name both have to match, and the timestamp must fall within a limit.

splunk
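The pairing rule the question asks for (a delete followed by an insert with the same compound key within a time window becomes one 'edit'; anything unpaired stays an insert or a delete) can be stated as a small reference implementation. The script below is an added example, not code from the poster or from Splunk; the sample log lines are constructed to mirror the customers-history table, with timestamps normalised to ISO form and fields pipe-delimited, and the field names, the 5-second window and the choice of client id plus client name as the compound key are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample modelled on the post's customers-history table (not the
# poster's data): timestamp|operation|client id|client name|client address
SAMPLE_LOG = """\
2010-12-01 09:52:12.320|insert|002|kyle|10 gammon road
2010-12-02 09:54:09.500|delete|002|kyle|10 gammon road
2010-12-02 09:54:09.900|insert|002|kyle|16 gammon road
2010-12-02 09:55:09.921|delete|003|josh c|21 drury lane
"""

# Assumed field names. Key fields identify the record; value fields are the
# ones whose before/after difference is reported for an edit.
KEY_FIELDS = ("client_id", "client_name")
VALUE_FIELDS = ("client_address",)


@dataclass
class Event:
    ts: datetime
    op: str
    client_id: str
    client_name: str
    client_address: str


def parse_log(text):
    """Parse pipe-delimited history lines into Event objects, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, op, cid, name, addr = [f.strip() for f in line.split("|")]
        events.append(Event(datetime.fromisoformat(ts), op, cid, name, addr))
    events.sort(key=lambda e: e.ts)
    return events


def _record(change, before, after):
    # 'changed' maps each value field that differs to its (old, new) pair; for
    # plain inserts and deletes before is after, so it is empty.
    return {
        "change": change,
        "ts": after.ts,
        "client_id": after.client_id,
        "client_name": after.client_name,
        "changed": {f: (getattr(before, f), getattr(after, f))
                    for f in VALUE_FIELDS
                    if getattr(before, f) != getattr(after, f)},
    }


def group_changes(events, max_span=timedelta(seconds=5)):
    """Collapse delete+insert pairs on the same compound key whose timestamps
    lie within max_span into one 'edit'; everything else stays as logged."""
    changes = []
    pending = {}  # compound key -> most recent unmatched delete

    def flush(key):
        d = pending.pop(key, None)
        if d is not None:
            changes.append(_record("delete", d, d))

    for e in sorted(events, key=lambda e: e.ts):
        key = tuple(getattr(e, f) for f in KEY_FIELDS)
        d = pending.get(key)
        # A delete older than the window can no longer be half of an edit.
        if d is not None and e.ts - d.ts > max_span:
            flush(key)
            d = None
        if e.op == "delete":
            flush(key)  # two deletes in a row: the first was a real delete
            pending[key] = e
        elif e.op == "insert":
            if d is not None:
                pending.pop(key)
                changes.append(_record("edit", d, e))
            else:
                changes.append(_record("insert", e, e))
        else:
            raise ValueError(f"unknown operation {e.op!r}")
    for key in list(pending):
        flush(key)
    changes.sort(key=lambda c: c["ts"])
    return changes


if __name__ == "__main__":
    for c in group_changes(parse_log(SAMPLE_LOG)):
        print(c["ts"], c["change"], c["client_id"], c["client_name"], c["changed"])
```

On the sample the output is an insert for client 002, an edit for 002 whose changed client_address goes from "10 gammon road" to "16 gammon road", and a delete for 003; shrinking max_span below the 0.4 s gap between the delete and the re-insert splits that edit back into its two raw operations. In SPL the same pairing is what the transaction command expresses (the key fields as grouping fields, plus maxspan, startswith and endswith); the script makes the rule explicit and lets you check edge cases offline before writing the search.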
