Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

splunk6161
Path Finder
‎06-29-2017 10:13 AM

When I import the csv file (before indexing), Splunk puts the columns in alphabetical order.
I would keep the sort as in the csv file.
thanks

0 Karma
Reply

woodcock
Esteemed Legend
‎06-29-2017 12:34 PM

Splunk does not change anything upon indexing. What you are seeing is the fact that Splunk automatically sorts fields alphabetically if you do something like | table * so instead, list out the fields in the order that you like with | table field1 field2 field3 fieldz.

0 Karma
Reply

splunk6161
Path Finder
‎06-30-2017 02:31 AM

ok but its possible to see columns NOT in alphabetical order before indexing?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-30-2017 12:18 PM

Splunk indexes the files EXACTLY AS THEY ARE. It does not resort columns. So sort them in the order you like before Splunk gets a look at them.

0 Karma
Reply

sbbadri
Motivator
‎06-29-2017 10:40 AM

Hello,

you can do the following,

$SPLUNK_HOME/etc/apps//local/transforms.conf

[extract_csv]
filename = extract.csv
index_fields_list = field1, field2 ....

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
Top