Getting Data In

How to add an old ticketing system data to splunk?


I had the idea to upload our old ticketing systems data into splunk and create dashboards to search through the information instead of grep commands, I have a few csv files (9 to be exact) and was wondering the best way to move forward.  

Questions to get me started: 
Should I append them for one big CSV file?

Should I index the CSV files?

should I use a .zip file with all the CSVs inside?



Labels (4)
Tags (2)
0 Karma

Without knowing your exact data, I will indexing those one by one with own sourcetype (if the content of file differs). All to one index.
Based on you exact data those other options could also be a good choices.
r. Ismo
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!