Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

CSV files with scientific notation fields

external_alien_
Explorer
‎07-22-2016 05:36 AM

I have a folder monitored by Splunk where CSV files are uploaded and sucked into Splunk. Splunk reads them no sweat and I can work with the data, the only problem is that the numerical values in the CSV files are all in Scientific notation and look for example like “2.7584000000000e+04” instead of simply “27584”. Splunk interprets them as numerical (not string) and I can fix this at search time with a few evals, but I have to do it for every search and was wondering if there's no way to fix this before the CSV files are indexed in Splunk? Say via editing props.conf?

Any help is much appreciated 😃

Reply

woodcock
Esteemed Legend
‎07-22-2016 05:43 AM

You can setup your eval statements as calculated fields using the EVAL- syntax here:

http://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Propsconf

0 Karma
Reply

external_alien_
Explorer
‎07-22-2016 06:56 AM

But doesn't that mean I have to know all the field names beforehand? Seeing as I have a large number of fields with values in scientific notation this is unfeasible, not to mention that field names may vary 😃
Is it theoretically possible to identify all values that contain say "e+" and rework them as plain decimal?

0 Karma
Reply

woodcock
Esteemed Legend
‎07-22-2016 07:10 AM

In that case, you need to create a macro using foreach and then use it whenever you need it. That is the best that you can do. Unfortunately, you cannot make the macro call automatic.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...