How to use inputcsv command

sarmahari
New Member

I have installed Splunk Enterprise version 8.0.4 on an Ubuntu IBM cloud server with the default port (8000). I can access Splunk from my laptop's Chrome / Edge browsers. I uploaded a CSV from the browser as admin and could search. I have two doubts in this regard:
1. How do I load a CSV file from the Linux command prompt? I went through the documentation provided online. What I did not understand was, what is the "|" symbol before invoking the inputcsv command? Is it some Splunk shell kind of stuff? Is it CLI? Or something else?
2. I created a user from the admin GUI and gave it the role of "user". Can I upload a CSV by logging in as this user? As per the documentation, the "user" role should be able to input a file. However, I did not find the "Add Data" option on the GUI for this user.

Any help is greatly appreciated.


richgalloway
SplunkTrust
  1. inputcsv is a generating command, which means it must be preceded by the | character even when it's the first command in a query. The leading | tells Splunk to not add the implicit "search" command.

  2. By default, the user role cannot add data. Where did you see the documentation about users and files?

---
If this reply helps you, Karma would be appreciated.

sarmahari
New Member
  1. Regarding inputcsv, where should this command be issued? If I directly type |inputcsv, I get the error "-bash: syntax error near unexpected token `|'". Should I issue it in some Splunk shell or CLI, or where? Sorry for asking a trivial question, but I went through a lot of examples and did not find any answers.
  2. https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Admin/UserAccounts At this URL, search for "input_file".

richgalloway
SplunkTrust
  1. What is the full command you are trying to enter and where did you find it?
  2. The input_file capability "Lets the user add a file as an input through inputcsv and inputlookup." (emphasis mine) That means they can include a file in their queries. It has nothing to do with Add Data.
---
If this reply helps you, Karma would be appreciated.

sarmahari
New Member

What is the inputcsv command used for? I was thinking a CSV file can be loaded into an index. Is that correct?


richgalloway
SplunkTrust

RTM! (https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Inputcsv)
That command reads a file and makes each row an event in the current query. It does not cause data to be indexed. If you want to index a CSV, you can use the collect command after inputcsv.

---
If this reply helps you, Karma would be appreciated.
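
The steps discussed in this thread, as an added example that is not part of any poster's reply: a script run at the Linux prompt that stages a CSV where inputcsv reads it and hands the `| inputcsv ... | collect` search to the Splunk CLI as one quoted argument. The `/opt/splunk` default, the script name `load_csv.sh` and the index name are assumptions, and the index must already exist.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: SPLUNK_HOME defaults to
# /opt/splunk, the caller may write under it, and the target index exists.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# inputcsv reads from this directory by default.
csv_dir() { printf '%s/var/run/splunk/csv' "$SPLUNK_HOME"; }

# Copy a CSV into the directory inputcsv reads and print its bare file name.
stage_csv() {
  src="$1"
  name="$(basename "$src")"
  case "$name" in
    *[!A-Za-z0-9._-]*|.*) echo "unsafe file name: $name" >&2; return 1 ;;
    *.csv) ;;
    *) echo "not a .csv file: $name" >&2; return 1 ;;
  esac
  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
  mkdir -p "$(csv_dir)" && cp "$src" "$(csv_dir)/$name" && printf '%s\n' "$name"
}

# Build the SPL. The leading | marks inputcsv as a generating command, so
# Splunk does not prepend the implicit "search"; collect writes the rows
# to an index. Anything that could alter the query is rejected.
build_query() {
  name="$1"; index="$2"
  case "$index" in
    ''|*[!a-z0-9_-]*) echo "bad index name: $index" >&2; return 1 ;;
  esac
  printf '| inputcsv %s | collect index=%s\n' "$name" "$index"
}

# Usage: ./load_csv.sh /path/to/file.csv my_index
main() {
  name="$(stage_csv "$1")" || return 1
  query="$(build_query "$name" "$2")" || return 1
  # The SPL travels as a single quoted argument, so the shell never treats
  # the | as its own pipe (the cause of the bash syntax error above).
  "$SPLUNK_HOME/bin/splunk" search "$query"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

The same query string can be pasted into the search bar in Splunk Web; the CLI prompts for Splunk credentials if no session exists.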