×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
croose
Engager
Member since: ‎04-14-2012
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎04-14-2012
View All

Why is this props.conf not stripping headers for b...

by in Getting Data In
‎02-23-2014 10:12 AM
1 Karma
‎02-23-2014 10:12 AM
1 Karma
Am I missing something? My understanding of splunk 6 is that the following configuration should strip all lines beginning with '#' and parse the line beginning with '#fields ' for field names, starting after the text #fields[tab]. However, headers are not being stripped and fields are being parsed beginning with #fields, so they are one column off. I think I need some assistance from someone who understands splunk better than me, because I'm going crazy trying to understand why this isn't working. props.conf: [brolog] PREAMBLE_REGEX=^# FIELD_HEADER_REGEX=^#fields\t FIELD_DELIMITER=\t MISSING_VALUE_REGEX=- ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All