Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

monitor csv data

schava2
Explorer
‎01-22-2012 12:15 PM

I am performing the following test in my env,

props.conf
[newcsvtest]
REPORT-newcsvtest = newcsvtest
SHOULD_LINEMERGE = false
TIME_FORMAT = %H:%M:%S
TIME_PREFIX = ^
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)

with a corresponding

transforms.conf
[newcsvtest]
DELIMS = ","
FIELDS = field1, field2, field3, field4, field5, field6, field7, field8, field9, field10, field11

and used the following for monitoring the data:

/opt/splunk/bin/splunk add monitor /opt/splunk/etc/apps/sample_app/logs/logtestdata/newcsvtest_log -sourcetype newcsvtest -index _internal

however, the csv file of the following format doesn't get line seperated appropriately

13:05:00,1781,3,3,1785,2,0,0,0,2,20
13:10:00,1781,3,3,1785,2,0,0,0,2,20
13:15:00,1781,3,3,1785,2,0,0,0,2,20

Any help would be greatly appreciated.
Thanks.

Tags (1)
0 Karma
Reply

schava2
Explorer
‎01-22-2012 04:37 PM

this worked in a different env for me. Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...