Every day at 10:00 am, I receive a .csv file with data from 00:00 of the previous day until 10:00 of the current day (34 hours).
I would like to index only the data of the previous day. Currently I open each file, remove the data from 00:00 to 10:00 of the current date, save it in an index directory and index it in Splunk. Do I have to write a script or set up a configuration file to automate this operation?
Thank you in advance.
I would write a script to truncate the file and drop it into a Splunk-monitored folder, or just configure that script as a scripted input and make the script send the data to Splunk directly (no file monitoring required).
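A sketch of the first option in the answer above, added here as an example and not code from the thread: it keeps only the previous day's rows and moves the finished file into the monitored folder in one step so Splunk never reads a half-written file. The column name `timestamp`, the timestamp format, the output file name and the staging/monitored directory arguments are assumptions; the staging directory must be on the same filesystem as the monitored one.

```python
import csv
import os
from datetime import datetime, timedelta

TS_FIELD = "timestamp"            # assumed column name
TS_FORMAT = "%Y-%m-%d %H:%M:%S"   # assumed timestamp format

# Constructed sample of a file received on 2024-05-02 at 10:00.
SAMPLE = """timestamp,value
2024-05-01 00:00:00,a
2024-05-01 23:59:59,b
2024-05-02 00:00:00,c
2024-05-02 09:59:00,d
not-a-date,e
"""

def filter_previous_day(src, dst, today):
    """Copy the header and the rows dated the day before `today`.
    Returns (kept, dropped, bad) row counts."""
    start = datetime.combine(today - timedelta(days=1), datetime.min.time())
    end = datetime.combine(today, datetime.min.time())
    reader = csv.DictReader(src)
    if TS_FIELD not in (reader.fieldnames or []):
        raise ValueError(f"no {TS_FIELD!r} column in input")
    writer = csv.DictWriter(dst, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    kept = dropped = bad = 0
    for row in reader:
        try:
            ts = datetime.strptime(row[TS_FIELD], TS_FORMAT)
        except (TypeError, ValueError):
            ts = None
        if ts is None or None in row:   # unparsable time or extra columns
            bad += 1
        elif start <= ts < end:
            writer.writerow(row)
            kept += 1
        else:
            dropped += 1
    return kept, dropped, bad

def publish(src_path, staging_dir, monitored_dir, today):
    """Filter into staging_dir, then move the finished file into monitored_dir."""
    name = (today - timedelta(days=1)).isoformat() + ".csv"
    staged = os.path.join(staging_dir, name)
    with open(src_path, newline="") as src, open(staged, "w", newline="") as dst:
        counts = filter_previous_day(src, dst, today)
    os.replace(staged, os.path.join(monitored_dir, name))  # atomic on one filesystem
    return counts
```

Run from cron shortly after 10:00 with `today=date.today()`; a non-zero `bad` count is worth logging, since those rows never reach the index.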