Getting Data In

Escape special characters in DB Connect


Pulling database events with Splunk DB Connect I noticed that:

1. New (non-existing) fields are created
2. text fields containing special characters  are cut

The only reason I have been able to identify consists in the presence of special characters of the kind:
( ) " :
... in fields like "SQL _Text", that by their nature can contain quotes, brackets and else.

How can I escape these problem-causing characters ?
This done inside Splunk - and not anywhere on the DB side, or the SQL command for pulling records.

What are the characters that must be escaped?
Asking the later because when working in a previous project with ingesting events from a DB to Splunk via TCP Data Input, I noticed that not all special characters where causing same problem as above - but only few of them.

best regards

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...