Pulling database events with Splunk DB Connect I noticed that:
1. New (non-existing) fields are created
2. Text fields containing special characters are cut
The only reason I have been able to identify consists in the presence of special characters of the kind:
( ) " :
... in fields like "SQL _Text", which by their nature can contain quotes, brackets and so on.
How can I escape these problem-causing characters?
This should be done inside Splunk, and not anywhere on the DB side or in the SQL command for pulling records.
What are the characters that must be escaped?
I am asking the latter because, when working on a previous project ingesting events from a DB to Splunk via TCP Data Input, I noticed that not all special characters were causing the same problem as above, but only a few of them.
best regards
Altin