Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

What would you say is the recommended method for handling CSV files?

aquinol
Explorer
‎10-17-2022 08:44 AM

Hi All-

What would you say is the recommended method for handling CSV files? 

Ingesting it into an index or using it as a lookup table? 

TLDR - Server team keeps server master list as CSV.  Want to bring it into Splunk as the reference (baseline) which all other tools report against (AD, CS, R7 etc).  Should I ingest that CSV into an index or keep it a csv and use it as a lookup table?

 

Thanks in Advance!

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 09:17 AM

Hi

If it changed regularly then the better way could be ingest it, even it use your license. And especially if you have several SHs when you want to use it (without SHC). If it's quite statics and you have only some or even one SH and you are using suitable automatic, then probably the easiest way is use csv files.

Anyhow you probably should add scheduled searches to export that list to csv or kvstore to use it easier on splunk side.

r. Ismo

0 Karma
Reply

aquinol
Explorer
‎10-17-2022 09:22 AM

Thanks for the feedback!  The server guys change it semi regularly (whenever they add/remove/change a server).  So I think you're right about ingesting it, then having it in the KV store would probably be the best method.  On that same vein....  The actual Server DB is an Access DB, they currently export it to CSV as i haven't figured out a better method to ingest it into Splunk.  DB connect isn't an option for us.  You wouldn't happen to have a better method other than CSV and ingest would you?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-17-2022 10:13 PM

With access FSB is definetelly better than try to get DB Connect to work with it. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...