Getting Data In

During import CSV, how do I use a host_segment attribute to extract a host name?

pmorlon
New Member

Hi,

I import a CSV file like this one :

date;host;type
18/09/18 10:23:50;SERV1;file
18/09/18 10:23:52;SERV2;serv
18/09/18 10:24:50;SERV3;file
18/09/18 10:30:50;SERV4;file
18/09/18 10:33:50;SERV5;file
18/09/18 10:33:55;SERV6;computer

Detected like this :
alt text

I try segment number : 2

alt text

But at the end, I have
extracted_host = SERVX <- It is ok
host = 127.0.0.1 <- All the line have the same host : 127.0.0.1

Is this normal ? And how could I have host valer with the name of the computer list in the CSV ?

Tags (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

"Segment number" refers to a portion of the source's file path. If the source is "http://127.0.0.1/foo/bar" then segment 2 would be correctly set to "127.0.0.1".
What result do you expect? Perhaps we can help you achieve that result.

---
If this reply helps you, Karma would be appreciated.
0 Karma

pmorlon
New Member

Thank Richgalloway for your answer.

I have this result :

alt text

And i want to have in the Host the same result that extracted_host : SERVX

Is it possible ?

0 Karma

pmorlon
New Member

The picture was not include : https://ibb.co/gFwCGe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Assignment of host name is done before lookups.

---
If this reply helps you, Karma would be appreciated.
0 Karma

pmorlon
New Member

Ok so it is not possible.
Thanks for the information.

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...