OS - for which type of Windows is the patch specified (two values: winxp or win7)
patch - name of M$ patch (MSXX-XXX)
EndPoint - receiving machine - 15 characters
State - distribution state: SUCCESSFUL; FAILED; EXPIRED; etc
Date - yyyy.mm.dd format
Time - hh:mm:ss
Can anyone tell me how to configure Splunk to use the distribution time and date as the correct timestamps, and the EndPoint name as the source host?
And how can I configure the input to have more advanced reporting capabilities (like teaching Splunk the names of each CSV field to build good-looking reports)?
To teach Splunk to recognise the files and to pull the information through in a report, you should look at field extraction, as you can write a regex that names each field based on the delimiter being a semicolon and then choose the field number. Fortunately Splunk will also do this for you if you use the extract field wizard.
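As an added illustration (not from the original question or answer), here is a props.conf/transforms.conf pair that does all three things asked: names the six semicolon-separated fields, builds the event timestamp from the Date and Time columns, and sets host from EndPoint. It assumes a sourcetype called `patchdist` (a made-up name), the field order exactly as listed in the question, and files with no header row.

```ini
# props.conf  (assumed sourcetype name "patchdist")
[patchdist]
SHOULD_LINEMERGE = false
# Skip the first four fields (OS;patch;EndPoint;State;) so the timestamp
# parser starts at the Date column; the literal ";" between Date and Time
# is part of the format, e.g. "2013.04.15;09:30:00".
TIME_PREFIX = ^(?:[^;]*;){4}
TIME_FORMAT = %Y.%m.%d;%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 19
# Search-time field names (no regex needed for a fixed delimiter)
REPORT-patchfields = patchdist_fields
# Index-time host override: runs on the indexer or heavy forwarder
TRANSFORMS-sethost = patchdist_host

# transforms.conf
[patchdist_fields]
DELIMS = ";"
FIELDS = OS, patch, EndPoint, State, Date, Time

[patchdist_host]
# Third semicolon-separated field is the EndPoint (receiving machine)
REGEX = ^[^;]*;[^;]*;([^;]*);
FORMAT = host::$1
DEST_KEY = MetaData:Host
```

The REPORT extraction takes effect on existing data after a restart, but the host rewrite and timestamp settings are applied at index time, so they only affect data indexed after the change. Check the result with a search such as `sourcetype=patchdist | table _time host EndPoint State` and compare `_time` against the Date and Time fields.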