Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to ingest Jan month data into Splunk?

Anud
Path Finder
‎05-04-2023 05:15 AM

Hi Team,

Please suggest me to ingest the Jan month data into Splunk.
Those files are CSV files and its contains 18gb size and total 4 days data has to sent to Splunk index.
please let us know the possibilities to ingest old data.

Thanks in advance!!

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-04-2023 05:42 AM

Hi @Anud,

I suppose that the 4 GB of data aren't in the same file!

Anyway, you have to follow the normal procedure to ingest csv files documented at https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

There are many video (e.g. https://www.youtube.com/watch?v=3kx0OGKy_XU) that describes this process.

Ciao.

Giuseppe

0 Karma
Reply

Anud
Path Finder
‎05-04-2023 06:02 AM
Thanks for the quick response!! Here each day we have 18GB file size, so is it possible for normal process way to ingest. That data is from Jan month and indexed time stamp will be today date or else Jan month. how it looks, please let us know.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-04-2023 06:29 AM

Hi @Anud,

I'm not sure that's possible to read a 18GB csv file!

And it's also difficoult to manage a file of thst dimensions, I hint to find a different way to write tis file, e.g. applying a rotation policy.

Anyway, if possible, you can assign the timestamp based on one field in csv as usual.

If you don't have a date/time field in the csv how you define which rows must be indexed with the today's date and which one with the last month?

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...