3) But it's not getting indexed properly. In one line I am getting multiple records in some cases. Please refer to the screenshot. How to get them indexed correctly, each line of CSV file as one line in Splunk?
4) How can I cluster same alertnames together irrespective of hostname since the alertname has hostname in it first. I need to get rid of hostname in the alert name and then group the alertname together.
Note: hostname doesn't come in a particular place in the alertname.
Note that I changed the "host" field to "alerthost". "host" is a default field name in Splunk and you really shouldn't use it in your data. It will just get confusing at best.
Second, you will need to remove the data from the dc10_oss index and re-index the file.
Finally, if you want to group data, you need to use a reporting command in Splunk. For example
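As an added illustration of the two points raised in the question (one CSV row becoming exactly one record, and grouping alert names once the host name is stripped from them), here is a small Python script that is not part of the original answer and not Splunk's own code. It assumes the CSV has columns named `alerthost` and `alertname` (the renamed field from the answer) and uses a constructed sample where the host name sits at different positions inside the alert name. In Splunk the same idea would be an `eval` that computes the cleaned name followed by a reporting command such as `stats count by` that cleaned field.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample (not from the original post): assumed columns
# "alerthost" and "alertname"; the host name appears at varying positions
# inside the alert name, as the question describes.
SAMPLE_CSV = """alerthost,alertname
web01,web01 Disk space low on /var
web02,Disk space low on /var web02
db01,CPU usage high - db01 - threshold 90
db02,CPU usage high - db02 - threshold 90
web01,Service httpd down on web01
"""


def normalize_alertname(alertname: str, alerthost: str) -> str:
    """Remove the host name wherever it occurs in the alert name and tidy
    the separators left behind, so equivalent alerts compare equal."""
    # Drop every whole-token occurrence of the host, case-insensitively.
    cleaned = re.sub(r"\b" + re.escape(alerthost) + r"\b", "",
                     alertname, flags=re.IGNORECASE)
    # Collapse a doubled separator ("- -") left by the removal, squeeze
    # runs of whitespace, and trim dangling spaces or hyphens at the ends.
    cleaned = re.sub(r"\s*-\s*-\s*", " - ", cleaned)
    cleaned = re.sub(r"\s+", " ", cleaned).strip(" -")
    return cleaned


def group_alerts(csv_text: str) -> dict:
    """Read the CSV one record per row (csv.DictReader handles quoting and
    embedded newlines) and count records per normalized alert name."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        counts[normalize_alertname(row["alertname"], row["alerthost"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for name, count in sorted(group_alerts(SAMPLE_CSV).items()):
        print(f"{count:3d}  {name}")
```

The host name is removed as a whole token (word boundaries plus `re.escape`, so dotted FQDNs are handled) rather than with a plain substring replace, which avoids chewing up unrelated text such as a host called `db` inside the word `dbspace`; the separator clean-up is what lets the two CPU alerts collapse into a single group.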