Hello-
**The old process:**
Executing a SQL query in SSMS and importing a csv into Splunk. Once importing via manual upload to the search head, Splunk automatically assigned searchable fields to the different columns.
**The new process:**
I'm using dbconnect to connect to a SQL database and import data into Splunk. The various columns are not automatically converted to searchable fields. I have tried creating custom regex to establish some of the fields, but it does not work for all of the columns (namely, ones that are multi-line because the database stores HTML tags for newline, breakline, etc.
**Question 1:**
Is there an easier way to create fields from the columns using dbconnect? It was nearly automatic.
**Question 2:**
Can anyone explain to me what is incorrect with my regex? An example is [here][1] The regex code works here despite the text being multi-line and with several HTML tags, but within Splunk, it does not work properly.
Thanks!
Regex: https://regex101.com/r/eZ1gT7/2102
[1]: https://regex101.com/r/eZ1gT7/2102
↧