How to extract fields from CSV

Naga · ‎09-30-2021

I have a CSV file for ingestion like this. This needs to be monitored via inputs. I dont want to use INDEXED_EXTRACTION= CSV here. Without this I am able to get the feed in successfully. But not able to extract the fields I wanted

File sample

"NAME","AGE","GENDER"

"John","32","MALE"

"ROSE","23","FEMALE"

#props

[mysourcetype]
FIELD_DELIMITER = ,
FIELD_NAMES="NAME","AGE","GENDER"

HEADER_FIELD_LINE_NUMBER=1
HEADER_FIELD_DELIMITER = ,
FIELD_QUOTE = "
HEADER_FIELD_QUOTE = "
DATETIME_CONFIG = CURRENT
SHOULD_LINEMERGE=false
NO_BINARY_CHECK=true

No luck. Any ideas?

somesoni2 · ‎09-30-2021

If you're trying to do search time field extraction for CSV fields, give solution from this post a try:

https://community.splunk.com/t5/Getting-Data-In/splunk-field-extraction-csv/m-p/29894

isoutamo · ‎09-30-2021

You should drop FIELD_NAMES as you have already those names in your CSV file and pointed those with HEADER_FIELD_LINE_NUMBER

Naga · ‎09-30-2021

Thank you @isoutamo . I tried the same Removed FIELD_NAMES And tried as well. But no luck 😞

How to extract fields from CSV

CSV

props.conf

universal forwarder

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

How to extract fields from CSV

CSV

props.conf

universal forwarder

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition