Hello there,
I got an issue with Splunk DB Connect app.
After indexing data from my Oracle DB, Splunk doesn't recognize field-value pairs
I got an event like that:
06/02/2018, Name=myname, Date_of_birth=24/10/1987
In the interesting fields I don't find the field name and Date_of_birth but only index, linecount and punct.
How can I solve my problem?
Tnx
As this data is not in CSV format, can you please change sourcetype to some custom sourcetype??
As this data is not in CSV format, can you please change sourcetype to some custom sourcetype??
i solved the issue using a custom sourcetype.
Tnx so much for the help 🙂
I have converted my comment to answer so you can accept/upvote it.
Are you running your search in fastmode ? Try to change it to Smartmode or Verbosemode.
Hi,
the search is running in verbose mode.
Can you please double check whether are you getting data in double quote or not ? Like this 06/02/2018, Name="myname", Date_of_birth="24/10/1987"
Because when I tried to fetch data from Oracle database all fields with value coming in double quotes as mentioned above.
Hi,
data are getting in with double quote as mentioned 🙂
What sourcetype are you using for this data ? Any props.conf or transforms.conf present for that sourcetype ?
i'm using CSV sourcetype