topic Indexing Ubisecure Ubilogin logs? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Indexing-Ubisecure-Ubilogin-logs/m-p/533157#M89568 <P>Hi</P><P>Have anyone indexed Ubisecure's Ubilogin audit or diag files? Basically those are CSV files, BUT depending of event there are different amount of columns even same type of even based on e.g. used authentication method.</P><LI-CODE lang="markup">time, src ip, action, user info, f1, f2, f3, f4 t1, src-1, authentication method list, _xyz, "CN=aa,OU=b....", "user agent" t2, src-1, authentication method list, _xyz, password.xx, "CN=aa,OU=b....", "user agent" t3, src-1, login, _xyz, yyy, password.xx, "CN=bb, OU=cc...", foo,...,...,..</LI-CODE><P>Even same action can contain different amount of fields based on "user info" field.</P><P>There are some other actions too.</P><P>If there is no better solution then I probably try this: <A href="https://community.splunk.com/t5/Getting-Data-In/Indexing-a-CSV-data-file-with-more-than-one-set-of-data/m-p/40562" target="_blank">https://community.splunk.com/t5/Getting-Data-In/Indexing-a-CSV-data-file-with-more-than-one-set-of-data/m-p/40562</A></P><P>r. Ismo&nbsp;</P> Tue, 15 Dec 2020 14:16:52 GMT isoutamo 2020-12-15T14:16:52Z Indexing Ubisecure Ubilogin logs? https://community.splunk.com/t5/Getting-Data-In/Indexing-Ubisecure-Ubilogin-logs/m-p/533157#M89568 <P>Hi</P><P>Have anyone indexed Ubisecure's Ubilogin audit or diag files? Basically those are CSV files, BUT depending of event there are different amount of columns even same type of even based on e.g. used authentication method.</P><LI-CODE lang="markup">time, src ip, action, user info, f1, f2, f3, f4 t1, src-1, authentication method list, _xyz, "CN=aa,OU=b....", "user agent" t2, src-1, authentication method list, _xyz, password.xx, "CN=aa,OU=b....", "user agent" t3, src-1, login, _xyz, yyy, password.xx, "CN=bb, OU=cc...", foo,...,...,..</LI-CODE><P>Even same action can contain different amount of fields based on "user info" field.</P><P>There are some other actions too.</P><P>If there is no better solution then I probably try this: <A href="https://community.splunk.com/t5/Getting-Data-In/Indexing-a-CSV-data-file-with-more-than-one-set-of-data/m-p/40562" target="_blank">https://community.splunk.com/t5/Getting-Data-In/Indexing-a-CSV-data-file-with-more-than-one-set-of-data/m-p/40562</A></P><P>r. Ismo&nbsp;</P> Tue, 15 Dec 2020 14:16:52 GMT https://community.splunk.com/t5/Getting-Data-In/Indexing-Ubisecure-Ubilogin-logs/m-p/533157#M89568 isoutamo 2020-12-15T14:16:52Z