Solved: Re: DB connect: how to set quotes around field res...

norbert_hamel · ‎11-20-2013

Hi all,

I am using DB connect to retrieve a list of user accounts from a database.
The extract is running as expected, but the username sometimes contain commas:

Username=Lastname,Firstname

This will cause Splunk to read only the first part of the user name to the field "Username".

Is there a way to place the results of my query in quotes to achieve this:

Username="Lastname,Firstname" ?

Thanks
Norbert

martin_mueller · ‎11-20-2013

Have you tried the multi-line key-value output format?

If all else fails you should be able to specify a manual template as the output format, and include quotes explicitly:

... Username="$user_column$" ...

That may be tedious for a large number of columns of course.

View solution in original post

martin_mueller · ‎11-20-2013

Great 🙂
I have converted the comment to an answer so you can mark it as solved.

norbert_hamel · ‎11-20-2013

Cool, I have used the template, now I have exactly what I was looking for.
Greetings to the north! 🙂

martin_mueller · ‎11-20-2013

Have you tried the multi-line key-value output format?

If all else fails you should be able to specify a manual template as the output format, and include quotes explicitly:

... Username="$user_column$" ...

That may be tedious for a large number of columns of course.

DB connect: how to set quotes around field results

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!