Splunk Enterprise Security

How do you properly upload CSV data to Splunk?

krhines410
New Member

I am trying to be an admin for a separate work project. But our original admin has been out of town for a few weeks, so I am unable to ask him before my deadline. I was trying to get this sample project done..

I have TXT file logs that I transfer over to Excel CSV sheets, and i use the first line as the field names, and the columns for each field have a flow of data.

When I upload the the CSV to Splunk, all I am getting is a 100% bar but it is gray. When I upload the sample logs from Splunk, the bar goes green.

Do you have any tips on making the data acceptable. My Excel sheet looks almost identical to Splunk's sample sheets but my data does not confirm with a green bar.

Any suggestions?

0 Karma

Noah_Woodcock
Path Finder

Blog post

This blog post has good information!

0 Karma

woodcock
Esteemed Legend

I think you have a problem with your links; I only see a google search, @noah_woodcock.

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

First, save as your excel file in CSV file and then open it into notepad++ or any text editor to verify it. If your data having a comma as a value then make sure you need to select different separator as csv data separator, like pipe.

After creating proper csv file upload into splunk

woodcock
Esteemed Legend

Make sure that you do Save As in Excel and select DOS CSV or Windows CSV or even plain text. Then open the file with Notepad++ and make sure that it looks the way that it should. Then upload this version if the file.

krhines410
New Member

Was not aware that I should do Notepad++ going to be looking into that..

Thank you

0 Karma

woodcock
Esteemed Legend

I have had problems with the way that Notepad handles newlines on Windows for Splunk files. I have never had any problems with Notepad++. I actually use vi and mobaxterm.

0 Karma

MonkeyK
Builder

Adonio has an excellent answer. I would also recommend the lookup editor app on SplunkBase. Lets you cut and paste from a spreadsheet with automatic insertion of new lines.

krhines410
New Member

I did do that and its very useful.

But i was still trying to resolve my initial issue. Where my CSV files will not upload to Splunk.. it is frustrating

0 Karma

felipesewaybric
Contributor

Have you try the untable command?

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

hi @krhines410,

Did the answer below solve your problem? If so, please resolve this post by approving it!

If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks for posting!

0 Karma

adonio
Ultra Champion

Splunk Can Not index Excel files as those contain binary (propitiatory formatted) data.
save your files as .csv and enjoy Splunk power

more related answers here:
https://answers.splunk.com/answers/568971/what-is-the-best-way-to-index-excel-sheet-to-splun-1.html
https://answers.splunk.com/answers/327256/when-indexing-an-excel-file-with-the-xlsx-file-ext.html

krhines410
New Member

I converted a txt document to an excel spreadsheet and saved it as .csv. inside excel.

The downloaded test data that Splunk provides is Excel .csv

When you upload my document the percentage bar will go to a 100% but it is grayed.

When you upload Splunks excel sheet it goes 100% green.

Is it due to the fact that they are in zipped csv files?

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...