I need Splunk to index data on software distribution logs.
Logs are created from data gathered from a few sources by a shell script.
One log is created for one day.
Log name example: GCKD-20110304.csv
Log name convention: GCKD-yyyymmdd.csv
Log content example: 1722383;winxp;MS10-034;xx-x-xxxxxxx;SUCCESSFUL;2011.03.04
Log content convention: DistroID;OS;patch;EndPoint;State;Date;Time
DistroID - 7-digit distribution ID
OS - which type of Windows the patch is specified for (two values: winxp or win7)
patch - name of M$ patch (MSXX-XXX)
EndPoint - receiving machine - 15 characters
State - distribution state: SUCCESSFUL; FAILED; EXPIRED; etc
Date - yyyy.mm.dd format
Time - hh:mm:ss
Can anyone tell me how to configure Splunk to use the distribution time and date as the correct timestamps, and to set the source host to the EndPoint name?
And how can I configure the input to get more advanced reporting capabilities (like teaching Splunk the names of each CSV field to build good-looking reports)?
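One way to wire this up, as an added example that is not from the original post: a sourcetype definition across inputs.conf, props.conf and transforms.conf. It assumes the files live under /var/log/gckd/ (a made-up path), that the sourcetype is named gckd_distro, and that every line carries both the Date and the Time field as in the stated convention (the sample line in the question shows only a date). The timestamp is read from fields 6 and 7 with TIME_PREFIX skipping the first five semicolon-separated fields, the host is overridden from the fourth field, and the delimiter-based extraction names all seven fields so they show up in searches and reports.

```ini
# inputs.conf (assumed path; the GCKD-yyyymmdd.csv naming matches the glob)
[monitor:///var/log/gckd/GCKD-*.csv]
sourcetype = gckd_distro
disabled = false

# props.conf
[gckd_distro]
# one event per line; nothing in this format spans lines
SHOULD_LINEMERGE = false
# skip the first five ';'-separated fields, then the Date;Time pair follows
TIME_PREFIX = ^(?:[^;]*;){5}
TIME_FORMAT = %Y.%m.%d;%H:%M:%S
# "2011.03.04;12:34:56" is 19 characters; give the parser a little slack
MAX_TIMESTAMP_LOOKAHEAD = 20
# index-time: take the host from the EndPoint field (4th column)
TRANSFORMS-sethost = gckd_host_from_endpoint
# search-time: name the CSV columns
REPORT-gckd_fields = gckd_delims

# transforms.conf
[gckd_host_from_endpoint]
# capture the 4th ';'-separated field and write it into the host metadata
REGEX = ^(?:[^;]*;){3}([^;]+);
FORMAT = host::$1
DEST_KEY = MetaData:Host

[gckd_delims]
DELIMS = ";"
FIELDS = "DistroID", "OS", "patch", "EndPoint", "State", "Date", "Time"
```

If some files really carry only a Date (as the sample line does), drop the ";%H:%M:%S" part of TIME_FORMAT for that sourcetype, otherwise the timestamp extraction fails on those lines and Splunk falls back to the file modification time. The host override is index-time, so it must be in place before the files are read; re-indexing is needed for data already ingested. Note also that with this setup the host value comes from the log content rather than from the forwarder, so the integrity of the CSV files produced by the script (who can write to that directory) determines how much the host field can be trusted in later reports.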