I am trying to have move the data over (that is from a db) to splunk in a tabular form so that I can query it. Currently I am sending over a JSON string with the column name and it's values. What is the best way to achieve this?
Maybe I should send something different.
Maybe splunk can de-parse the JSON string into a table.
Having string data is of no use to me. I need to query the data. EG: Count of people who like oranges in below table should give me 2.
Person Favourite Fruit
A Orange
B Apple
C Orange
My actual data is pretty large, with 14 columns and a lot of records that are changing (it's a log table). We have direct SQL-to-splunk connectors for most db but not for this db so I am trying to find the best way to send over this data. Currently, I am logging each record in the table in the log file and then converting it into a JSON string which shows up on Splunk.
... View more