Splunk Search

PROPS Conf with CSV File

SplunkDash
Motivator

Hello,

I wrote a PROPS Configuration file for following csv file but getting error message. Any help will be highly appreciated. Thank you so much.

 
 

malekmo_5-1629072882970.png

 

[ csv ]

SHOULD_LINEMERGE=false

CHARSET=UTF-8

INDEXED_EXTRACTIONS=csv

TIME_FORMAT=%Y%m%d %H:%M:%S:%Q

HEADER_FIELD)LINE_NUMBER=1

TIMESTAMP_FIELDS=TIMESTAMP

category=Structured

 

 

Labels (1)
Tags (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  try below you have to deploy them to UF.

[ csv ]
SHOULD_LINEMERGE=false
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%Y%m%d %H:%M:%S:%3Q
HEADER_FIELD_LINE_NUMBER=1
TIMESTAMP_FIELDS=TIMESTAMP
category=Structured

  

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  try below you have to deploy them to UF.

[ csv ]
SHOULD_LINEMERGE=false
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
TIME_FORMAT=%Y%m%d %H:%M:%S:%3Q
HEADER_FIELD_LINE_NUMBER=1
TIMESTAMP_FIELDS=TIMESTAMP
category=Structured

  

SplunkDash
Motivator

Thank you so much. But, still getting error message...Failed to parse timestamp!!!

Tags (1)
0 Karma

venkatasri
SplunkTrust
SplunkTrust

@SplunkDash  Your field name in CSV seems TimeStamp (camel case), what you have set TIMESTAMP_FIELDs = TIMESTAMP (caps) can you correct it to match with CSV header names.

0 Karma

SplunkDash
Motivator

oops ...😀  cool working as expected, thank you so much, appreciated!!!

0 Karma
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...