Hi,
I spent really a lot of time, but found no solution. Here is my problem. There is CSV file, which should be indexed:
Lötprotokoll Version 1.0
Laufende Nummer;Version Lötprotokoll;Lötprogramm Version
1;1;1;
2;3;4;
937;381.000000;110.000000;
938;382.000000;113.000000;
565136;1;1;9;
I want to sent it to the Splunk using forwarder. I want, that the rows 1, 3, 4, 5, 6 will be ignored and not indexed. Can anybody help me, please, how to do it?
Finally I used the Powershell script, which picks only (indexed from 0) rows 1, 6:
Get-ChildItem *\*.protocol | ForEach { Get-Content $_.Fullname | Select-Object -Index 1,6 | Out-File "$($_.Directory)\$($_.BaseName).csv" -Encoding utf8}
Finally I used the Powershell script, which picks only (indexed from 0) rows 1, 6:
Get-ChildItem *\*.protocol | ForEach { Get-Content $_.Fullname | Select-Object -Index 1,6 | Out-File "$($_.Directory)\$($_.BaseName).csv" -Encoding utf8}
I can create 2 very similar regex.
1. regex with 2 captured groups, which should be indexed
.+\n(.+\n).+\n.+\n.+\n.+\n(.+\n)
2. regex with 2 captured groups, which should be ignored
(.+\n).+\n(.+\n.+\n.+\n.+\n).+\n
I have probably 2 possible choises.
I tried to import the file manualy. I created my own sourcetype and added the parameter PREAMBLE_REGEX. It has no influence on the previewed content of indexed csv file. Even I tried simple regular expressions. The question is, if the parameter PREAMBLE_REGEX is either working properly.