Hello everyone,
I hope you are fine.
So I have a question about the indexing of data in Splunk and especially the control of the data.
My configuration is an indexer distributed with a forwarder.
I receive data from a remote mount. These are CSV files.
An example of structure:
date, host, ipv4, ipv6, dns, nb_packet, size, ....
line 125: ipv4=12.32.45.255 => right
line 356: ipv4= 42.hello!.84.125 => wrong so go in index=error please and hurry up 🙂
I would like to control the content of the data. For example, that the format of ipv4 is good.
is it possible for each field to control the format of its value in transform.conf or props.conf?
Today, I run my CSV python (panda) to control them.
Is Splunk able to do it?
If you have an example with a CSV with two or three fields, I'm interested.
I thank you a thousand times.
Oxthon.
... View more