I am very new to Splunk but have been asked to look into the possibility of using Splunk to replace an existing system used to query our CDR files.
From what I can tell Splunk has most of what we would need.
The one thing I cannot seem to find is:
Our files are comma separated but follow a pattern similar to ANumber,BNumber,deliveryDate,etc.
Our searches would be:
return all files where ANumber = ? and BNumber = ? and deliveryDate > ? etc.
Our current system collects the files and inserts them into a database. It is told which field is what and creates a column based on this. The queries are then created to match the columns.
I cannot see a way of collecting files in Splunk where you can index the files by telling it a format (field1,field2, etc.).
I hope this all makes sense. I am sure there is a way but that I am unable to see it.
Thanking you in advance
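One way to get the column-to-field mapping the post asks for, added here as an example and not part of the original post: declare the delimiter and the column names once in props.conf/transforms.conf for the CDR sourcetype, and Splunk then exposes each column as a searchable field. The sourcetype name `cdr`, the fourth column name and the date format are assumptions; the first three field names come from the post.

```ini
# props.conf -- assumed sourcetype name "cdr"; files have no header row,
# one CDR per line, so disable line merging
[cdr]
SHOULD_LINEMERGE = false
REPORT-cdrfields = cdr_delims

# transforms.conf -- split each event on commas and name the columns
# in the order they appear in the file (fourth column name is assumed)
[cdr_delims]
DELIMS = ","
FIELDS = "ANumber", "BNumber", "deliveryDate", "field4"

# Example search, assuming deliveryDate is stored as YYYY-MM-DD so that
# a string comparison orders dates correctly:
#   sourcetype=cdr ANumber="441234567890" BNumber="441987654321"
#   | where deliveryDate > "2013-01-01"
```

Because REPORT- extractions are applied at search time, the mapping can be changed later without re-indexing the files.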