Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to ingest Jan month data into Splunk?

Anud
Path Finder
‎05-04-2023 05:15 AM

Hi Team,

Please suggest me to ingest the Jan month data into Splunk.
Those files are CSV files and its contains 18gb size and total 4 days data has to sent to Splunk index.
please let us know the possibilities to ingest old data.

Thanks in advance!!

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-04-2023 05:42 AM

Hi @Anud,

I suppose that the 4 GB of data aren't in the same file!

Anyway, you have to follow the normal procedure to ingest csv files documented at https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/Monitorfilesanddirectorieswithinputs.conf 

There are many video (e.g. https://www.youtube.com/watch?v=3kx0OGKy_XU) that describes this process.

Ciao.

Giuseppe

0 Karma
Reply

Anud
Path Finder
‎05-04-2023 06:02 AM
Thanks for the quick response!! Here each day we have 18GB file size, so is it possible for normal process way to ingest. That data is from Jan month and indexed time stamp will be today date or else Jan month. how it looks, please let us know.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-04-2023 06:29 AM

Hi @Anud,

I'm not sure that's possible to read a 18GB csv file!

And it's also difficoult to manage a file of thst dimensions, I hint to find a different way to write tis file, e.g. applying a rotation policy.

Anyway, if possible, you can assign the timestamp based on one field in csv as usual.

If you don't have a date/time field in the csv how you define which rows must be indexed with the today's date and which one with the last month?

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...