I am indexing email data that Splunk reads from an inbox folder (via TA-mailclient). Those emails contain a csv file that comes as file attachment to the email.
Below is an example where the field name of the attachment is file_content and the field value is below:
Stopped by Reputation Filtering,Stopped as Invalid Recipients,Spam Detected,Virus Detected,Stopped by Content Filter,Total Threat Messages,Clean Messages,Total Attempted Messages
9.28068485506,0.0,45.1350500141,0.00114191624597,1.53311465023,55.9499914356,44.0500085644,--
251946,0,1225297,31,41620,1518894,1195841,2714735
I want to be able to manipulate the results to look like below:
Stopped by Reputation Filtering
Stopped as Invalid Recipients
Spam Detected
Virus Detected
Stopped by Content Filter
Total Threat Messages
Clean Messages
Total Attempted Messages
9.280684855
0
45.13505001
0.001141916
1.53311465
55.94999144
44.05000856
--
251946
0
1225297
31
41620
1518894
1195841
2714735
Can someone please advise how to achieve this ?
... View more