Hi,
I have set up a universal forwarder to monitor a CSV file and send the output to the indexer (a single instance also acting as Splunk Web). Below are the config files on the universal forwarder.
input.conf
[monitor://C:\logs_sql\logs.csv]

props.conf
[source::C:\logs_sql\logs.csv]
SHOULD_LINEMERGE = false
REPORT-log_csv = log_csv

transforms.conf
[log_csv]
DELIMS = ","
FIELDS = "visitorid","uniqueid","country","Browser","Referrer","entrydate","IP"

Sample log file:
visitorid,uniqueid,country,Browser,Referrer,entrydate,IP
10,26837:63373,United Kingdom,Mozilla/4.0,2009-10-02 14:59:37.437000000,16410458

After performing these changes, nothing changed in the output in Splunk Web. All the changes have been done on the universal forwarder only. Please let me know where I am going wrong.