Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Not able to read CSV from Universal forwarder

shugup2923
Path Finder
‎01-10-2020 01:35 AM

I am trying to read csv from one of my universal forwareder, below is my inputs file

[monitor://D:\DUMP\Updated_Dump*.CSV]
sourcetype=csv
disabled=false
index=xyz
crcSalt=

After checking splunkd log getting below events
INFO TailingProcessor - Adding watch on path: D:\DUMP
INFO TailingProcessor - Parsing configuration stanza: monitor://D:\DUMP\Updated_Dump*.CSV

Please let me know how this can be resolved.

0 Karma
Reply

koshyk
Super Champion
‎01-10-2020 02:59 AM

as per logs, it seems it is reading the log file.
what's the search you using to search the data? Have a search across all your splunk for some keyword from CSV. It might have come up as another sourcetype or different index

index=* sourcetype=* <somekeyword_from_csv_file> earliest=-1000d latest=+100d | stats count by sourcetype,index

run btool on sourcetype csv for props.conf & transforms.conf to check if it is getting overridden somewhere.

0 Karma
Reply

shugup2923
Path Finder
‎01-12-2020 11:47 PM

I am using basic search - index=xyz sourcetype=csv

0 Karma
Reply

skalliger
Motivator
‎01-10-2020 01:51 AM

Those are informational messages, I don't see an error. Also, don't set a crcSalt if you don't need any.
The file is not getting ingested? Any WARN or ERROR messages from TailingProcessor in your log?

Skalli

0 Karma
Reply

shugup2923
Path Finder
‎01-10-2020 02:03 AM

crcSalt= is there, pasting error .
file is not getting ingested, can't see my data in search head, anyway to troubleshoot ?

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...