Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

CSV File with multiple sections and headers

ddavenpo
Explorer
‎10-18-2019 12:50 PM

I have a CSV file that has a header/title section with some interesting information in it (the run, application version, username, etc).

It then has 2 sections of CSV data with the same field names, but one is an exception section and one is the actual data. It looks like this:

Run ID,100
Run Date/Time,6/13/2019 7:07:51 PM
Application Name,
Application Version,1.0.0.0
Protocol Name,
User Name,John Doe

[EXCEPTIONS]
field1,field2,field3,field4
value1,value2,value3,value4

[DETAILS]
field1,field2,field3,field4
value1,value2,,value4

I am trying to avoid writing code to pre parse the data to something a little more Splunk friendly. Any ideas on how to leverage props/transforms to get the Run ID, Timestamp, Username in each line under the 2 csv sections?

We are ok with merging the exceptions and details sections into 1 as we do not necessarily need to distinguish between the 2 sections. But we do need to leverage one of the field rows as the CSV header values.

Help appreciated! 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...