So I have a legacy error logging system that drops errors into a table with this schema:
CREATE TABLE [dbo].[ErrorLog](
[ErrorId] [int] IDENTITY(1,1) NOT NULL,
[CreateDate] [datetime] NOT NULL,
[Message] [varchar](max) NULL,
[ServerName] [varchar](50) NULL,
[ApplicationName] [varchar](50) NULL,
[StackTrace] [varchar](max) NULL,
[Url] [nvarchar](500) NULL,
[Controller] [varchar](100) NULL,
[Action] [varchar](100) NULL,
[UserName] [varchar](100) NULL,
[IP] [varchar](100) NULL,
[ErrorLevel] [varchar](100) NULL,
[UserAgent] [nvarchar](500) NULL
I can use the dbx connector to get splunk to see the rows, but my parsing is way off. I tried selecting csv with headers, csv and anything else I can think of.
Among my issues, I'm getting the database server as "host" instead of the contents of the "serverName" field.
I could do something horriffic like
"SELECT 'host=' + ServerName+ 'SEVERITY=' + errorSeverity AS FullRowText FROM dbo.ErrorLog"
and then regex the single line that comes out, but that seems like a square peg solution.
Is there a "using dbx connector to get for n00bs" guide that I should have read before posting?
... View more