I am using DBConnect to PULL data from DB to SPLUNK.
My DB had 900 rows.
Say, My query runs at 7am and pulls 890 records and stores in an index called db_index.
Now, I realize the query did not get me entire 900 records and I need to re-run the query and store in the same index.
But doing so, I get duplicate events in the same index.
I want to add a unique field to each event everytime my query runs.
So that I can segregate data using that key.
Example:
The query that ran at 9am should have a key 111
The query that ran at 11am should have a key 222
... View more