Re: How to ingest csv file into Heavy forwarder in...

Sabareesh · ‎12-30-2020

I need to get the csv file into HF and forward it to an indexer

How do i add csv file to HF...Do i need to create stanza in inputs.conf to monitor the file.If pls let me know the stanza.

saravanan90 · ‎01-03-2021

The stanza will monitor the temp.csv file in HF & forward it to indexer.

The temp.csv can be placed manually or pushed through any script to that path.

saravanan90 · ‎12-30-2020

Below may help.

For Linux :

[monitor:///opt/splunk/var/log/splunk/temp.csv]
index = main
sourcetype = csv
disabled = 0
crcSalt = <SOURCE>

For Windows

[monitor://C:\splunk\var\log\splunk\temp.csv]
index = main
sourcetype = csv
disabled = 0
crcSalt = <SOURCE>

Sabareesh · ‎01-03-2021

Thanks for the Stanza.

I want to know how to place a temp.csv file into that path?

KimiYan · ‎06-28-2021

Dear friend, have you solved your problem ? I have the same requirements as yours. Hope you can share your stanza.

How to ingest csv file into Heavy forwarder instance and forward data to a peer index