Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Not able to read CSV from Universal forwarder

shugup2923
Path Finder
‎01-10-2020 01:35 AM

I am trying to read csv from one of my universal forwareder, below is my inputs file

[monitor://D:\DUMP\Updated_Dump*.CSV]
sourcetype=csv
disabled=false
index=xyz
crcSalt=

After checking splunkd log getting below events
INFO TailingProcessor - Adding watch on path: D:\DUMP
INFO TailingProcessor - Parsing configuration stanza: monitor://D:\DUMP\Updated_Dump*.CSV

Please let me know how this can be resolved.

0 Karma
Reply

koshyk
Super Champion
‎01-10-2020 02:59 AM

as per logs, it seems it is reading the log file.
what's the search you using to search the data? Have a search across all your splunk for some keyword from CSV. It might have come up as another sourcetype or different index

index=* sourcetype=* <somekeyword_from_csv_file> earliest=-1000d latest=+100d | stats count by sourcetype,index

run btool on sourcetype csv for props.conf & transforms.conf to check if it is getting overridden somewhere.

0 Karma
Reply

shugup2923
Path Finder
‎01-12-2020 11:47 PM

I am using basic search - index=xyz sourcetype=csv

0 Karma
Reply

skalliger
Motivator
‎01-10-2020 01:51 AM

Those are informational messages, I don't see an error. Also, don't set a crcSalt if you don't need any.
The file is not getting ingested? Any WARN or ERROR messages from TailingProcessor in your log?

Skalli

0 Karma
Reply

shugup2923
Path Finder
‎01-10-2020 02:03 AM

crcSalt= is there, pasting error .
file is not getting ingested, can't see my data in search head, anyway to troubleshoot ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...