topic Splunk DB Connect - data formating in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Splunk-DB-Connect-data-formating/m-p/507985#M86447 <P>Hey everyone!</P><P>Lately we had an unfortunate incident were most of our logs were deleted from splunk. Luckily we saved the same data at our PostgreSQL DB.&nbsp; &nbsp;</P><P>To restore those logs, I want to export the PostgreSQL data via Splunk DB Connect.&nbsp;&nbsp;</P><P>I've read about the app and it looks like it can solve most of my concerns. My main issue that I couldn't find solution for is data formating.&nbsp; &nbsp;</P><P>To make it backwards compatible to our logs format, I want to parse the db table rows by:</P><P>1. Sending the data to splunk as a json&nbsp;</P><P>2. Add some custom key:value pairs (that are based / can be calculated from the database row)</P><P>3. Not include specific table columns</P><P>4. Append metadata to the logs (already found that this point is possible)</P><P>&nbsp;</P><P>Is there a way of achieving those wishes without working with raw SQL?</P><P>If not, can I see an example of raw SQL that generates the wanted splunk log?</P><P>Also, is there any other way of exporting &amp; importing data from postgres to splunk that can solve this issue?</P><P>&nbsp;</P><P>Thank you!</P> Wed, 08 Jul 2020 08:31:28 GMT Acxon1 2020-07-08T08:31:28Z Splunk DB Connect - data formating https://community.splunk.com/t5/Getting-Data-In/Splunk-DB-Connect-data-formating/m-p/507985#M86447 <P>Hey everyone!</P><P>Lately we had an unfortunate incident were most of our logs were deleted from splunk. Luckily we saved the same data at our PostgreSQL DB.&nbsp; &nbsp;</P><P>To restore those logs, I want to export the PostgreSQL data via Splunk DB Connect.&nbsp;&nbsp;</P><P>I've read about the app and it looks like it can solve most of my concerns. My main issue that I couldn't find solution for is data formating.&nbsp; &nbsp;</P><P>To make it backwards compatible to our logs format, I want to parse the db table rows by:</P><P>1. Sending the data to splunk as a json&nbsp;</P><P>2. Add some custom key:value pairs (that are based / can be calculated from the database row)</P><P>3. Not include specific table columns</P><P>4. Append metadata to the logs (already found that this point is possible)</P><P>&nbsp;</P><P>Is there a way of achieving those wishes without working with raw SQL?</P><P>If not, can I see an example of raw SQL that generates the wanted splunk log?</P><P>Also, is there any other way of exporting &amp; importing data from postgres to splunk that can solve this issue?</P><P>&nbsp;</P><P>Thank you!</P> Wed, 08 Jul 2020 08:31:28 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-DB-Connect-data-formating/m-p/507985#M86447 Acxon1 2020-07-08T08:31:28Z