Installation

Is there a way to change the delimiter in Splunk DB Connect?

dlovett
Path Finder

We have a need to use the vertical bar (ie "|") as a delimiter. Splunk DB Connect uses a comma. I tried searching for a config parameter but was unsuccessful.

Tags (1)
1 Solution

ziegfried
Influencer

There is currently no way to change the delimiter for the CSV output format of database inputs. But there is an alternative. It requires a little more work to set it up, tough.

You can select the "Template" output format which allows you to specify an arbitrary format you can define by using "replacement tokens". For example:

$timestamp$|$COLUMN1$|$COLUMN2$|$COLUMN3$

DB Connect then replaces those tokens $<COLUMN NAME>$ with the actual content from this column.

View solution in original post

ziegfried
Influencer

There is currently no way to change the delimiter for the CSV output format of database inputs. But there is an alternative. It requires a little more work to set it up, tough.

You can select the "Template" output format which allows you to specify an arbitrary format you can define by using "replacement tokens". For example:

$timestamp$|$COLUMN1$|$COLUMN2$|$COLUMN3$

DB Connect then replaces those tokens $<COLUMN NAME>$ with the actual content from this column.

dlovett
Path Finder

That is correct. I should have mentioned delimiters for database inputs :slightly_smiling_face:

0 Karma

ziegfried
Influencer

Which delimiter is it, that you want to change? The format of events generated by database inputs?

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...