Solved: Re: Extract fields of CSV data source in Upper cas...

rashi83 · ‎06-10-2019

I have a CSV file with region , status , hostname as Columns - field extraction works and gives them as region , status and hostname. Instead I want extraction to work like "Region " "Hostname " Status".

Is there any setting in source type advance to achieve this?

jnudell_2 · ‎06-10-2019

Hi Rashi83,

I think it would help if you told us why you want to have the field names from the CSV in proper case. In the end, it's not really going to matter, because you can always rename the fields at search time: | rename region as Region, status as Status, hostname as Hostname

If you're only concerned about how it will appear in search results or a report, then use rename at search time.

View solution in original post

jnudell_2 · ‎06-10-2019

Hi Rashi83,

I think it would help if you told us why you want to have the field names from the CSV in proper case. In the end, it's not really going to matter, because you can always rename the fields at search time: | rename region as Region, status as Status, hostname as Hostname

If you're only concerned about how it will appear in search results or a report, then use rename at search time.

somesoni2 · ‎06-10-2019

How have you extracted fields? Do you have control on changing the CSV headers?

rashi83 · ‎06-10-2019

no I do not have control on CSV .

Field extraction was done automatically when I choose sourcetype = CSV

Extract fields of CSV data source in Upper case

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation