Hi Guys, I have a problem when I want to parse CSV-like data as the following, field1_name#XDSP#C#S#field2_name#XDSP#C#S#field3_name#XDSP#C#S#field4_name 1#XDSP#C#S#2#XDSP#C#S#3#XDSP#C#S#4 10#XDSP#C#S#20#XDSP#C#S#30#XDSP#C#S#40 100#XDSP#C#S#200#XDSP#C#S#300#XDSP#C#S#400 The first line has field names and the rest are values. Essentially the data is structured like CSV. I want Splunk to parse them as a CSV file, so I used FIELD_DELIMITER and HEADER_FIELD_DELIMITER attributes in props.conf, and configured Splunk the delimiter as #XDSP#C#S# . However, it is seems that the FIELD_DELIMITER can only be a single character. Anyone have good idea to deal with that? Any suggestions will be appreciated, thank u very much. ... View more

Dear ITSI dev dept, these days i work with splunk ITSI v2.0.0 to monitor our network environment i want to setup a scheduled search with storeentites command to update my entities periodlcally my search string is looked like: ... | storeentities identifier_fields="xxx" informational_fields="yyy" service_fields="zzz" insertion_mode=replace after execute the search , i can see the entities are created with alias and informational fields but they do not bind to any service. could u help me to confirm is it a BUG ? thank u very much ... View more