Thanks, I read the documentation and I am still trying to figure out how to get it working for my scenario. The example in this documentation is pasted below. My CSV called "g.csv" also has the field delimiter of a ",". There are a number of columns that have date fields, such as "Updated", "Start Date", "Created", "Due Date", "Closed"; these all come in the format of date and time.
I am not sure what they are looking for when they say HEADER_FIELD_LINE_NUMBER, as the header is on row one, and if they are talking about tabs, it's 29 tabs until the comma before the "Created" column.
Where I am lost is where you specify that you want the "Created" column to be brought in as the indexed _time so it's searchable. I had been trying a strftime function but this was not viable; it was not accurate when looking for data, e.g. all of the issues for February. It then gave me back all the issues pulled in February, not all the issues created in February. Thanks again, I really appreciate the assistance.
I can't add an attachment as I don't have enough karma points (there I was thinking I had loads of karma 🙂). I'll paste it below, thanks.
C.
,Tracker,Status,Priority,Subject,Assignee,Updated,Environment,Category,IR Shift,Normalized Detection Source,Private,IPs,Risk,Hostname,Dept,Country,Office Location,User Action,Project,Parent task,Target version,Start date,Due date,Author,Estimated time,Total estimated time,Spent time,Total spent time,Created,Closed,% Done,Related issues,owner-email,Username,Hash,Remediation Actions
123,issue,False Positive,P3,Test1,Colin ,4/3/18 13:40,Corp ,Test1,Europe,None,No,8.8.8.8,,DSA00001,Sales,IE,Dublin,None,IR,,,4/3/18,,REST API User,,,0,0,4/3/18 12:01,4/3/18 13:42,0,,,A.Watts,,None
124,issue,In Progress,P3,Test2,Colin ,4/3/18 13:25,Corp ,Test2,Off-Shift,None,No,1.1.1.1.,,,Marketing,US,Washington,None,IR,,,4/3/18,,REST API User,,,0,0,4/3/18 9:12,,0,,,B.Wayne,,None
125,issue,Resolved,P3,Test3,Niall,4/3/18 13:32,Corp ,Test3,US,None,No,8.8.8.6,,,Customer,AU,New York,None,IR,,,4/2/18,,REST API User,,,0,0,4/3/18 7:43,4/3/18 13:31,0,,,S.Costello,,None
Example from Documentation
[CSVWithFewHeaderFieldsWithoutAnyValues]
FIELD_DELIMITER=,
[VeryLargeCSVFile]
FIELD_DELIMITER=,
[UselessLongHeaderToBeIgnored]
HEADER_FIELD_LINE_NUMBER=35
TIMESTAMP_FIELDS=Date,Time,TimeZone
FIELD_DELIMITER=\s
FIELD_QUOTE="
[HeaderFieldsWithFewEmptyFieldNamesWithSpaceDelim]
FIELD_DELIMITER=,
HEADER_FIELD_DELIMITER=\s
FIELD_QUOTE="
[ExtractCorrectHeaders]
FIELD_HEADER_REGEX=Ignore_This_Stuff:\s(.*)
FIELD_DELIMITER=,