Splunk Search

How to capture the date on line 3 of a csv file, while the header fields begin on line 5

marcos_eng1
Explorer

Dear Community, 

I have a csv file with no timestamp in the data; I only have a timestamp at the beginning of the file (line 3). So, how do I capture the date on line 3 of a csv file, while the header fields begin on line 5 and the following data begins on line 6?

See the data as follows:

CHILLER_01
slot:/Drivers/NiagaraNetwork/TA_WEB2_CAG/points/ARQUITETURA/POC$2dCHILLERS/CHILLER_01
02-Jun-20 2:55 PM BRT

?NOME DO PONTO,VALOR
"ALARME,""0.00"""
"CAP_TOTAL,""0.00"""
"CAP_TOTAL_A,""0.00"""
"CAP_TOTAL_B,""0.00"""

0 Karma

to4kawa
Ultra Champion

SEDCMD-headertrim=s/(?ms).*VALOR//

0 Karma

to4kawa
Ultra Champion

If the header is fixed, try SEDCMD and EXTRACT with props.conf.

0 Karma

marcos_eng1
Explorer

Header is fixed.

0 Karma

marcos_eng1
Explorer

Thanks... I am not really good with SEDCMD. I would really appreciate it if you could provide the step-by-step procedure.

Thanks in advance

0 Karma
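
An alternative to the SEDCMD approach suggested in the thread, added here as an example that is not part of any poster's reply: pre-process the export before Splunk monitors it, so each data row carries the timestamp from line 3. The output field names `_time` and `source_name` and the BRT = UTC-3 mapping are assumptions; the sample input is constructed from the layout shown in the question.

```python
import csv
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout shown in the question:
# line 3 = export time, line 5 = header, line 6+ = data rows.
SAMPLE = '''CHILLER_01
slot:/Drivers/NiagaraNetwork/TA_WEB2_CAG/points/ARQUITETURA/POC$2dCHILLERS/CHILLER_01
02-Jun-20 2:55 PM BRT

?NOME DO PONTO,VALOR
"ALARME,""0.00"""
"CAP_TOTAL,""0.00"""
'''

# Assumption: BRT is Brasilia time, UTC-3, with no daylight saving.
TZ_OFFSETS = {"BRT": timezone(timedelta(hours=-3))}


def parse_export(text):
    """Return one dict per data row, each stamped with the line-3 time."""
    lines = text.splitlines()
    if len(lines) < 5:
        raise ValueError("expected name, slot, date, blank and header lines")
    source = lines[0].strip()
    # Split "02-Jun-20 2:55 PM BRT" into the clock part and the zone name.
    stamp, _, tz_name = lines[2].strip().rpartition(" ")
    if tz_name not in TZ_OFFSETS:
        raise ValueError(f"unknown timezone abbreviation: {tz_name!r}")
    when = datetime.strptime(stamp, "%d-%b-%y %I:%M %p")
    when = when.replace(tzinfo=TZ_OFFSETS[tz_name])
    # The header may carry a stray BOM or '?' left by the exporter.
    header = [h.strip() for h in lines[4].lstrip("\ufeff?").split(",")]
    events = []
    for raw in lines[5:]:
        if not raw.strip():
            continue
        # Each row is one quoted CSV field that itself holds CSV: decode twice.
        outer = next(csv.reader([raw]))
        fields = next(csv.reader([outer[0]])) if len(outer) == 1 else outer
        if len(fields) != len(header):
            raise ValueError(f"row does not match header: {raw!r}")
        events.append({"_time": when.isoformat(), "source_name": source,
                       **dict(zip(header, fields))})
    return events


if __name__ == "__main__":
    for event in parse_export(SAMPLE):
        print(event)
```

Rows that fail the header-length check raise instead of being silently dropped, so a changed export layout is noticed before it reaches the index.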