How to on-board comma separated csv data with pip...

mlevsh · ‎12-22-2020

Hi

Looking for the advice how to on-board the csv file with comma separated values but each field has pipes around it : |field1|,|field2|,...,|fieldn|

Example:

Header:
ACTIVITY_LOG_Time,INGRESS_EGRESS_IND,DEST_FMLY_CD,DU_ID,CHANNEL,SBMTR_ID,PRPTY_VALUE_TX,BUSINESS_LINE,TECH_FNCTN_ID,ACTVY_STAT_ID,ACTVY_STAT_DS,ACTVY_SCSFL_IN,SMF_ID,DU_TRKNG_NB,PARTY_ACCT_ID,GROUP_USER,TOPIC_3_VALUE_TX,DU_MQMD_TX

Sample Event:
|2020-12-21-02.42.14.242001|,|Ingress|,|ABC|,|ZP00119842239341|,|MQ|,|G0000246|,NULL,|TRA|,|TRAM|,1,|MQ Message Queued|,|Y|,|001|,|ZP00119842239341|,||,|G0000246|,||,|Â (?Ã¥Ã«&?Ã¡Ã¨Ã¤&Ã¨???<9d>Â³ÃºÂ¬^]P?|

Thank you in advance

richgalloway · ‎12-23-2020

Try these settings.

[mysourcetype]
INDEXED_EXTRACTIONS = CSV
FIELD_QUOTE = |
TIMESTAMP_FIELDS = ACTIVITY_LOG_Time
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%6N

---
If this reply helps you, Karma would be appreciated.

How to on-board comma separated csv data with pipes around each fields

CSV

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to on-board comma separated csv data with pipes around each fields

CSV

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...