Pulling database events with Splunk DB Connect I noticed that:
1. New (non-existing) fields are created 2. text fields containing special characters are cut
The only reason I have been able to identify consists in the presence of special characters of the kind: ( ) " : ... in fields like "SQL _Text", that by their nature can contain quotes, brackets and else.
How can I escape these problem-causing characters ? This done inside Splunk - and not anywhere on the DB side, or the SQL command for pulling records.
What are the characters that must be escaped? Asking the later because when working in a previous project with ingesting events from a DB to Splunk via TCP Data Input, I noticed that not all special characters where causing same problem as above - but only few of them.