×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
estepgi
New Member
Member since: ‎11-17-2015
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-17-2015
View All

Re: Why are lines in a gzip'ed CSV showing up twic...

by in Getting Data In
‎11-19-2015 07:53 AM
‎11-19-2015 07:53 AM
Thanks for the response. Actually I was already using the "continuously monitor" option that you recommend. I definitely don't want to re-upload my files. As I said, this does work well for plaintext csv files but it leads to duplication for gzipp'ed csv files. ... View more

Why are lines in a gzip'ed CSV showing up twice in...

by in Getting Data In
‎11-17-2015 12:41 PM
‎11-17-2015 12:41 PM
Hi. Just installed Splunk for the first time today. As a tes,t I took a CSV file and indexed it, and it worked fine. Then I created a new file in CSV format and gzip'ed it. test.csv.gz field,val blah,whatever It indexed fine. I then edited the file using vi, adding in a new line : newfield,morestuff I then and then searched the results again. Now the "newfield,morestuff" shows up once in the results, but "blah,whatever" shows up twice. I tried adding more lines and saw the same pattern - the most recent line shows up once, but the older lines are duplicated in the search results. I then added | dedup _raw to the search and the duplicates went away. However, I'm looking for a more elegant solution. By the way, I also tried unzipping the file, editing it, then gzipping it again, with the same results. Thanks for your help! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM