I have installed Splunk Enterprise version 8.0.4 on an Ubuntu IBM Cloud server with the default port (8000). I can access Splunk from my laptop's Chrome / Edge browsers. I uploaded a CSV from the browser as admin and could search. I have two doubts in this regard:
1. How to load a CSV file from the Linux command prompt? I went through the documentation provided online. What I did not understand was, what is the "|" symbol before invoking the inputcsv command? Is it some Splunk shell kind of stuff? Is it a CLI or something?
2. I created a user from the admin GUI and gave it the role of "user". Can I upload a CSV by logging in as this user? As per the documentation, the "user" role should be able to input a file. However, I did not find the "Add Data" option on the GUI for this user.
Any help is greatly appreciated.
1. inputcsv is a generating command, which means it must be preceded by the | character even when it's the first command in a query. The leading | tells Splunk to not add the implicit "search" command.
2. By default, the user role cannot add data. Where did you see the documentation about users and files?
input_file capability "Lets the user add a file as an input through inputcsv and inputlookup." (emphasis mine) That means they can include a file in their queries. It has nothing to do with Add Data.
What is the inputcsv command used for? I was thinking a CSV file can be loaded into an index. Is it correct?
RTM! (https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Inputcsv)
That command reads a file and makes each row an event in the current query. It does not cause data to be indexed. If you want to index a CSV, you can use the collect command after inputcsv.