I'm using DB Connect to input some data from Oracle. I have Splunk installed on a Windows 2016 Server. I cannot seem to get any of my sourcetypes read or used with an input created via DB Connect. No matter what I do, if I run a search from the "Find Events" button of the DB Connect application, then click on "+Extract New Fields", it returns an error:
"The events associated with this job have no sourcetype information: ".
Every. Single. Time.
Sample query:
index=thejoy sourcetype=WHYNOT source=JUSTWORKSERIOUSLY OR source=mi_input://JUSTWORKSERIOUSLY
Interestingly enough, if I run the following query I get the EXACT same results:
index=thejoy source=JUSTWORKSERIOUSLY OR source=mi_input://JUSTWORKSERIOUSLY
I get data back from both of these results, but am unable to extract new fields. I have tried doing the following:
* Creating a new Index and assigning it to splunk_app_db_connect
* Creating a new Index and assigning it to search
* Creating a new SourceType via Settings > SourceTypes and setting it to Searching & Reporting
* Creating a new SourceType via Settings > SourceTypes and setting it to Splunk DB Connect
* Specifying the Application for the Data Input to be DB Connect
* Specifying the Application for the Data Input to be the Splunk Search
* Changing Permissions on DB Connect to allow Everyone to Read/Write
* Creating a new user and doing all of the above
* In DB Connect, typing a new value for SourceType that doesn't exist so it gets created automatically
No matter what I try, I just seem to get the same message about no sourcetype information being available for the job.
If I create a new source type via Settings > SourceTypes in the main Splunk menu, it doesn't show up in the list for DB Connect (which I understand is a bug). This changes very little, since it's apparently not being used anyways.
If I let DB Connect create a new sourcetype, I do not see it appear in the Settings > SourceTypes menu after the DB Input is created and a successful search is executed.
Also, when I check the props.conf file located in:
C:\Program Files\Splunk\etc\apps\splunk_app_db_connect\local\
my sourcetype is not present at all in the file; it's just an empty file.
I'm just simply at a loss here on why this is happening and what to do. I just want my DB Inputs to recognize my sourcetypes. Ultimately, I want to parse my data as it is going into Splunk using a specific source type. I'm at the point where I'm considering doing a fresh install of Splunk. Any help on this extremely frustrating issue would be greatly appreciated.