Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Not able to send csv data to splunk index via rest call - HEC

cbhattad1
New Member
โ€Ž07-08-2019 10:29 PM

curl -k "http://host:8088/services/collector/?sourcetype=csv& index=csv_data" \
-H "Authorization: Splunk < token key >" \
-d 'a,b,c

1,3,4

2,4,5
'

The above call returns success. but when I see the index data in Splunk search, I see all the fields in one column _raw along with other fields like host, source etc

_raw
a,b,c
1,3,4
2,4,5

I want to see the fields to be separated by comma. I want the below output . with a, b, c as field names

a  b  c
1  3  4
2  4  5
0 Karma
Reply

tiagofbmm
Influencer
โ€Ž07-09-2019 04:47 AM

You need to build a python for processing that:

https://answers.splunk.com/answers/638770/http-event-collector-and-csv-files.html

Reply

starcher
SplunkTrust
SplunkTrust
โ€Ž07-09-2019 06:26 AM

@tiagofbmm is right. HEC is not a file submission method. it. is an event submission method. Reading and sending the csv is on your code.

0 Karma
Reply