Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to not sort CSV file fields

kobayashines
New Member
‎10-24-2019 07:25 PM

I am Japanese. Posting using google translation.

I want to output the CSV file uploaded to Splunk in the original field order with a header.
However, when you upload a CSV file to Splunk, the fields are sorted alphabetically.

Please let me know if there is a way to not sort when uploading.
Or, please let me know if there is a way to restore the order when outputting.

Tags (2)
0 Karma
Reply

kobayashines
New Member
‎10-27-2019 10:39 PM

アドバイスありがとうございます。
Lookup File Editor Appを試してみたところ、表示は元々の表示となっていました。
しかし、データのアップロード後に、サーチとテーブルコマンドを実行したいです。(ダッシュボード上のqueryで実行します。)
結局テーブルコマンドで入れ替わってしまい、上手くいきませんでした。

0 Karma
Reply

woodcock
Esteemed Legend
‎10-27-2019 06:39 PM

@lloydknight is correct; the Lookup File Editor app will show you all fields, including invisible fields that begin with underscore ( _ ) characters, in the exact order that they appear. This app is built into Enterprise Security or you can install it on any other Search Head here:
https://splunkbase.splunk.com/app/1724/

0 Karma
Reply

kobayashines
New Member
‎10-27-2019 10:40 PM

Thank you for the advice.
When I tried Lookup File Editor App, the display was the original display.
However, after uploading data, I want to execute search and table commands. (Execute by query on the dashboard.)
Eventually it was replaced with a table command and it did not work.

0 Karma
Reply

kobayashines
New Member
‎10-27-2019 05:42 PM

I am a contributor.
I'm sorry. I misunderstood the cause of the problem.
It seems that the column order problem is not due to csv upload but to the table command specification.

This is the end of this question.
Thank you for your cooperation.

0 Karma
Reply

lloydknight
Builder
‎10-25-2019 07:19 AM

Can you try importing your csv file using Lookup File Editor App?

Reply

to4kawa
Ultra Champion
‎10-25-2019 04:24 AM

You should use the table command before the final output.

If you want to create dashboard:
how-to-show-more-selected-fields-on-dashboard-even

<fields>your expected fields order</fields>

please use this option.

0 Karma
Reply

kobayashines
New Member
‎10-25-2019 04:56 AM

I'm sorry, there wasn't enough explanation.
The user does not edit the SPL. (The user is not me.)
Users only upload and download data.

0 Karma
Reply

to4kawa
Ultra Champion
‎10-25-2019 06:27 AM

I'm not sure.
Is uploading / downloading possible even though SPL is not available?
Is it a question about the dashboard?

0 Karma
Reply

kobayashines
New Member
‎10-27-2019 07:14 AM

Yes, I use the dashboard.
What I want to do is:
1. Upload log data in CSV format
2. Analyze log data in dashboard using homebrew APP.
(APP calculates the analysis result for each log line)
3. Combine the original log data and analysis results and output as CSV file.

Here is an example.

logdata.csv

col_a, col_b, col_c
aaa, bbb, ccc
ddd, eee, fff
ggg, hhh, iii

Analysis results in APP

1
2
3

The desired output

col_a, col_b, col_c, Result
aaa, bbb, ccc, 1
ddd, eee, fff, 2
ggg, hhh, iii, 3

However, when output, the order of col_a, col_b, col_c, will change.
I think it is because it is sorted when uploading.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...