Hi I am new to splunk Am trying to split Tab delimited file in the indexer . Below are the entries of the different config files . In spite of these the data that gets ingested in splunk is not split by field names . What am i doing wrong ? Entries : /opt/apps/splunkforwarder/etc/apps/DtuApp/local>vi props.conf [SplunkJobLog_csv] SHOULD_LINEMERGE = False pulldown_type = 1 REPORT-myname = getJobLogData [SplunkDbLog_csv] SHOULD_LINEMERGE = False pulldown_type = 1 REPORT-myname = getDbLogData /opt/apps/splunkforwarder/etc/apps/DtuApp/local>cat transforms.conf [getJobLogData] DELIMS = "\t" FIELDS = "ORDERID","JOBNAME","TYPE","ODATE","STATE","STATUS","FILENAME","APPLICATION","SUBAPPLICATION","STARTED","ENDED","TIME_OF_LOG_GEN" [getDbLogData] DELIMS = "\t" FIELDS = "coord_member","application_handle","application_name","session_auth_id","client_applname","elapsed_time_sec","activity_state","activity_type","total_cpu_time","total_cpu_time_ml","rows_read","rows_returned","query_cost_estimate","direct_reads","direct_writes","stmt_text","ts" /opt/apps/splunkforwarder/etc/apps/DtuApp/local>cat inputs.conf [default] host=xxxxxxx [monitor:///data/logs/splunk_logs/Job_status_logs/*.log] _TCP_ROUTING = DtuSplunk disabled=false index = 140868736_dtu_idx3 sourcetype=SplunkJobLog_csv crcSalt = <SOURCE> [default] host=xxxxxxxxx [monitor:///data/logs/splunk_logs/Other_logs/*.log] _TCP_ROUTING = DtuSplunk disabled=false index = 140868736_dtu_idx3 sourcetype=SplunkDbLog_csv crcSalt = <SOURCE> Output.conf [tcpout] defaultGroup=DtuSplunk [tcpout:DtuSplunk] server= <splunk_ip>:13938 useACK = true  ... View more