Not able to send csv data to splunk index via rest...

cbhattad1 · ‎07-08-2019

curl -k "http://host:8088/services/collector/?sourcetype=csv& index=csv_data" \
-H "Authorization: Splunk < token key >" \
-d 'a,b,c

1,3,4

2,4,5
'

The above call returns success. but when I see the index data in Splunk search, I see all the fields in one column _raw along with other fields like host, source etc

_raw
a,b,c
1,3,4
2,4,5

I want to see the fields to be separated by comma. I want the below output . with a, b, c as field names

a  b  c
1  3  4
2  4  5

tiagofbmm · ‎07-09-2019

You need to build a python for processing that:

https://answers.splunk.com/answers/638770/http-event-collector-and-csv-files.html

starcher · ‎07-09-2019

@tiagofbmm is right. HEC is not a file submission method. it. is an event submission method. Reading and sending the csv is on your code.

Not able to send csv data to splunk index via rest call - HEC

Re: Not able to send csv data to splunk index via rest call - HEC

Re: Not able to send csv data to splunk index via rest call - HEC