multiple delimeter in transforms.conf is not worki...

abhayneilam · ‎11-04-2012

Hi,

I have a data as :

and in my transfoms.conf I have written:
DELIMS="|","|"
but it is not working, it is only working for "|" delimeter but not for "|" delimeter,

How to make it work please let me know because if I dont use "|" as a delimeter then

singh|26 and
singh|28 both will will be considered as a single field value but "singh" is a separate value and "26" is a separate value

Please help

Thanks in advance

Lucas_K · ‎11-04-2012

I think you should just be defining your delim ONCE not sure why you have it defined twice.
I believe you only specify it in that format when you want to key:pair value your data (which it doesn't appear you want to do).

So try something like the following in your transforms.conf
[my-extractions]
DELIMS="|"
FIELDS="first_name","middle_name","surname","age","location"

This should split out all of your fields.

multiple delimeter in transforms.conf is not working

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation