Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Importation and visualisation of CSV issue

nathanboon
Engager
‎03-23-2021 07:16 AM

Hello, 

I have a CSV dataset with 2 colomns (_time , temperature) but when i import the dataset in Splunk to do a visualization of the dataset, Splunk plot the dataset with the temperature as the X value and the time as a Y value. How can I change the two columns? 

I tried to modify directly the CSV file but doesn't change anything.

nathanboon_0-1616508843910.png

nathanboon_1-1616508904826.png

Thanks 

Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-24-2021 08:34 AM

Just select time range as All time on top right. It is now showing last 24 hour. That is why you don't see events.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-24-2021 08:05 AM

Please try with "All time". Because your dataset has timestamps with year 2010. 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

nathanboon
Engager
‎03-24-2021 08:20 AM

Sorry i'm new with Splunk and i don't where i have to type "all time"

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-24-2021 07:45 AM

Hi @nathanboon,

I see a warning on your screenshot top-left stating that _time should be UNIX time. I think your CSV timestamps are not epoc. Can you please change the search like below;

| inputcsv dataset.csv 
| eval _time=strptime(_time,"%Y-%m-%d %H:%M")
| table _time temperature

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

nathanboon
Engager
‎03-24-2021 07:50 AM

I change the command but now Splunk doesn't recognize the dataset anymore

nathanboon_0-1616597427780.png

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-23-2021 07:30 AM

Have you tried using the table command to specify the field order?

| inputcsv dataset.csv | table _time temperature
---
If this reply helps you, Karma would be appreciated.
Reply

nathanboon
Engager
‎03-23-2021 08:33 AM

Yes i tried this and it's works , the visualization is good however when i'm trying to apply a filter kalman, it doesn't show anything:

nathanboon_0-1616513575290.pngnathanboon_1-1616513595105.png

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-23-2021 08:45 AM

The instructions at https://docs.splunk.com/Documentation/MLApp/5.2.1/User/FTSExperiment#Assistant_workflow say to specify a Period.  Have you tried that?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

nathanboon
Engager
‎03-24-2021 07:17 AM

I specify the period of 1 year (365) but the result is the same.

I tried many different configuration but Splunk doesn't plot anything.

nathanboon_1-1616595411311.png

 

nathanboon_0-1616595385377.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...