During import CSV, how do I use a host_segment att...

pmorlon · ‎09-19-2018

Hi,

I import a CSV file like this one :

date;host;type
18/09/18 10:23:50;SERV1;file
18/09/18 10:23:52;SERV2;serv
18/09/18 10:24:50;SERV3;file
18/09/18 10:30:50;SERV4;file
18/09/18 10:33:50;SERV5;file
18/09/18 10:33:55;SERV6;computer

Detected like this :

I try segment number : 2

But at the end, I have
extracted_host = SERVX <- It is ok
host = 127.0.0.1 <- All the line have the same host : 127.0.0.1

Is this normal ? And how could I have host valer with the name of the computer list in the CSV ?

richgalloway · ‎09-19-2018

"Segment number" refers to a portion of the source's file path. If the source is "http://127.0.0.1/foo/bar" then segment 2 would be correctly set to "127.0.0.1".
What result do you expect? Perhaps we can help you achieve that result.

---
If this reply helps you, Karma would be appreciated.

pmorlon · ‎09-19-2018

Thank Richgalloway for your answer.

I have this result :

And i want to have in the Host the same result that extracted_host : SERVX

Is it possible ?

pmorlon · ‎09-19-2018

The picture was not include : https://ibb.co/gFwCGe

richgalloway · ‎09-19-2018

Assignment of host name is done before lookups.

---
If this reply helps you, Karma would be appreciated.

pmorlon · ‎09-19-2018

Ok so it is not possible.
Thanks for the information.

During import CSV, how do I use a host_segment attribute to extract a host name?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation