Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk to not put CSV columns in alphabetical order before indexing?

splunk6161
Path Finder
‎06-29-2017 10:13 AM

When I import the csv file (before indexing), Splunk puts the columns in alphabetical order.
I would keep the sort as in the csv file.
thanks

0 Karma
Reply

woodcock
Esteemed Legend
‎06-29-2017 12:34 PM

Splunk does not change anything upon indexing. What you are seeing is the fact that Splunk automatically sorts fields alphabetically if you do something like | table * so instead, list out the fields in the order that you like with | table field1 field2 field3 fieldz.

0 Karma
Reply

splunk6161
Path Finder
‎06-30-2017 02:31 AM

ok but its possible to see columns NOT in alphabetical order before indexing?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-30-2017 12:18 PM

Splunk indexes the files EXACTLY AS THEY ARE. It does not resort columns. So sort them in the order you like before Splunk gets a look at them.

0 Karma
Reply

sbbadri
Motivator
‎06-29-2017 10:40 AM

Hello,

you can do the following,

$SPLUNK_HOME/etc/apps//local/transforms.conf

[extract_csv]
filename = extract.csv
index_fields_list = field1, field2 ....

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...