Splunk Search

PROPS Conf with CSV File

SplunkDash
Motivator

Hello,

I wrote a PROPS Configuration file for following csv file but getting error message. Any help will be highly appreciated. Thank you so much.

 
 

malekmo_5-1629072882970.png

 

[ csv ]

SHOULD_LINEMERGE=false

CHARSET=UTF-8

INDEXED_EXTRACTIONS=csv

TIME_FORMAT=%Y%m%d %H:%M:%S:%Q

HEADER_FIELD)LINE_NUMBER=1

TIMESTAMP_FIELDS=TIMESTAMP

category=Structured

 

 

Labels (1)
Tags (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  try below you have to deploy them to UF.

[ csv ]
SHOULD_LINEMERGE=false
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%Y%m%d %H:%M:%S:%3Q
HEADER_FIELD_LINE_NUMBER=1
TIMESTAMP_FIELDS=TIMESTAMP
category=Structured

  

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  try below you have to deploy them to UF.

[ csv ]
SHOULD_LINEMERGE=false
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%Y%m%d %H:%M:%S:%3Q
HEADER_FIELD_LINE_NUMBER=1
TIMESTAMP_FIELDS=TIMESTAMP
category=Structured

  

SplunkDash
Motivator

Thank you so much. But, still getting error message...Failed to parse timestamp!!!

Tags (1)
0 Karma

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  Your field name in CSV seems TimeStamp (camel case), what you have set TIMESTAMP_FIELDs = TIMESTAMP (caps) can you correct it to match with CSV header names.

0 Karma

SplunkDash
Motivator

oops ...😀  cool working as expected, thank you so much, appreciated!!!

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...