CSV File with multiple sections and headers

Getting Data In

I have a CSV file that has a header/title section with some interesting information in it (the run, application version, username, etc).

It then has 2 sections of CSV data with the same field names, but one is an exception section and one is the actual data. It looks like this:

Run ID,100
Run Date/Time,6/13/2019 7:07:51 PM
Application Name,
Application Version,1.0.0.0
Protocol Name,
User Name,John Doe

[EXCEPTIONS]
field1,field2,field3,field4
value1,value2,value3,value4

[DETAILS]
field1,field2,field3,field4
value1,value2,,value4

I am trying to avoid writing code to pre parse the data to something a little more Splunk friendly. Any ideas on how to leverage props/transforms to get the Run ID, Timestamp, Username in each line under the 2 csv sections?

We are ok with merging the exceptions and details sections into 1 as we do not necessarily need to distinguish between the 2 sections. But we do need to leverage one of the field rows as the CSV header values.

Help appreciated! 🙂

Get Updates on the Splunk Community!

CSV File with multiple sections and headers

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud

Join the Conversation

CSV File with multiple sections and headers

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud