Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Text Analytics

kavyatim
Path Finder
‎05-06-2013 03:39 AM

Hi ,
I have a sample data with ~ as a seperator. The format of data is as follows.

"Request_ID~Submitter~Create_Date~Assigned_To~Last_Modified_By~Modified_Date~Status~Short_Description~tmp_PopUp_GUID~Category~Type~Item~Summary~Pending~Escalated~Closure_Code~MSISDN~Address~First_Name~Priority~Region~Surname~tmp_RegionID~Postal_Code~Date_of_Birth~ID_Number~Password~tmp_GroupSet."

I am unable to load data to splunk and extract the fields.I tried changing config files props and transforms but no results,I tried with IFX also.

While loading data to splunk , the following error is generated:
"Your entry was not saved. The following error was reported: SyntaxError: JSON.parse: unexpected character"

Can some one help me in resolving this?

Tags (1)
0 Karma
Reply

Ayn
Legend
‎05-06-2013 05:13 AM

So if I understand you correctly you have regular CSV-formatted data with "~" as a delimiter. You could simply use DELIMS in transforms.conf:

[getmyfields]
DELIMS = "~"
FIELDS = "field1", "field2", "field3", ...

(change FIELDS to the fields in your specific dataset - Request_ID, Submitter, Create_Date and so on)

Then in props.conf:

[yoursourcetype]
REPORT-myfields = getmyfields
Reply
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...