Splunk Enterprise

Import Splunk Logs into correct index, sourcetype and host

splunky1
Loves-to-Learn Everything

I did extract Splunk logs from a different Splunk instance using curl export method with the following information in the csv format

| table index, sourcetype, source, host, _raw

I got nearly some 5GB data. Is there any way I can import this data in another Splunk instance's HF so that the data get auto aligned to the right index, sourcetype, source and host?

Currently, I am trying the add data from the console which allows 500mb but it request manually choose the sourcetype, index and other settings before importing. 

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...