Reporting

How do I associate the CSV file content generated by the outputcsv command with index data?

WXY
Path Finder

Hi,
Now I have to get a CSV file from an outputcsv command:

index="fortify"| stats values(Codelocation) as codelocation by source | rename source as source_yy| outputcsv three.csv

and I can get an outputcsv like this:

codelocation      source_yy
/root/taw/a       a_such.xml
/home/wxy/bc      b_code.xml

I have the following index data :

user=L_cu;sys_name=project_1;codeL=/root/taw/a;status=not_online;
user=A_by;sys_name=project_2;codeL=/home/wxy/bc;status=not_online;

Now, I want to use the outputcsv command to get an outputcsv file containing codeL, sys_name, source_yy

like this:

codeL             sys_name      source_yy
/root/taw/a       project_1     a_such.xml
/home/wxy/bc      project_2     b_code.xml

codeL and codelocation have the same content.

What should I do?

0 Karma

HiroshiSatoh
Champion

I do not think that CSV is necessary.
You can edit it like this.

index="fortify"| stats values(Codelocation) as codeL  by source 
| rename source as source_yy
| join codeL  [search ( index data )| extract pairdelim=";", kvdelim="="]
| table codeL sys_name source_yy

※If you use CSV

( index data )| extract pairdelim=";", kvdelim="="
| join codeL [| inputcsv three.csv | rename codelocation as codeL]
| table codeL sys_name source_yy
0 Karma
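To check offline what the extract and join steps in the answer above should return, here is an added Python example; it is not part of the original posts and is not Splunk code. It assumes three.csv is comma-separated with a header row; the function names are hypothetical, and the third event is constructed to show that an inner join (the default for join) drops events with no matching CSV row.

```python
import csv
import io

# Constructed sample data: the first two events and the CSV rows use the
# values shown in the question; the third event is made up (no CSV match).
THREE_CSV = "codelocation,source_yy\n/root/taw/a,a_such.xml\n/home/wxy/bc,b_code.xml\n"
EVENTS = [
    "user=L_cu;sys_name=project_1;codeL=/root/taw/a;status=not_online;",
    "user=A_by;sys_name=project_2;codeL=/home/wxy/bc;status=not_online;",
    "user=X_no;sys_name=project_3;codeL=/opt/none;status=not_online;",
]


def extract_kv(raw, pairdelim=";", kvdelim="="):
    """Split one raw event into fields, mirroring extract pairdelim/kvdelim."""
    fields = {}
    for pair in raw.split(pairdelim):
        key, sep, value = pair.partition(kvdelim)
        if sep and key.strip():  # skips the empty piece after the trailing ';'
            fields[key.strip()] = value.strip()
    return fields


def load_csv(text):
    """Read the CSV and key it on codelocation (renamed to codeL in the join)."""
    by_code = {}
    for row in csv.DictReader(io.StringIO(text)):
        # Keep the first row per key, so each event gets at most one match.
        by_code.setdefault(row["codelocation"], row["source_yy"])
    return by_code


def join_events(events, csv_text):
    """Inner join on codeL: events without a CSV row are dropped."""
    by_code = load_csv(csv_text)
    rows = []
    for raw in events:
        fields = extract_kv(raw)
        code = fields.get("codeL")
        if code in by_code:
            rows.append((code, fields.get("sys_name", ""), by_code[code]))
    return rows


if __name__ == "__main__":
    for row in join_events(EVENTS, THREE_CSV):
        print("%-16s %-12s %s" % row)
```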

WXY
Path Finder

Thank you very much!

0 Karma