I am Japanese. Posting using google translation.
I want to output the CSV file uploaded to Splunk in the original field order with a header.
However, when you upload a CSV file to Splunk, the fields are sorted alphabetically.
Please let me know if there is a way to not sort when uploading.
Or, please let me know if there is a way to restore the order when outputting.
アドバイスありがとうございます。
Lookup File Editor App
を試してみたところ、表示は元々の表示となっていました。
しかし、データのアップロード後に、サーチとテーブルコマンドを実行したいです。(ダッシュボード上のqueryで実行します。)
結局テーブルコマンドで入れ替わってしまい、上手くいきませんでした。
@lloydknight is correct; the Lookup File Editor
app will show you all fields, including invisible fields that begin with underscore ( _
) characters, in the exact order that they appear. This app is built into Enterprise Security
or you can install it on any other Search Head here:
https://splunkbase.splunk.com/app/1724/
Thank you for the advice.
When I tried Lookup File Editor App
, the display was the original display.
However, after uploading data, I want to execute search and table commands. (Execute by query on the dashboard.)
Eventually it was replaced with a table command and it did not work.
I am a contributor.
I'm sorry. I misunderstood the cause of the problem.
It seems that the column order problem is not due to csv upload but to the table command specification.
This is the end of this question.
Thank you for your cooperation.
Can you try importing your csv file using Lookup File Editor App?
You should use the table
command before the final output.
If you want to create dashboard:
how-to-show-more-selected-fields-on-dashboard-even
<fields>your expected fields order</fields>
please use this option.
I'm sorry, there wasn't enough explanation.
The user does not edit the SPL. (The user is not me.)
Users only upload and download data.
I'm not sure.
Is uploading / downloading possible even though SPL is not available?
Is it a question about the dashboard?
Yes, I use the dashboard.
What I want to do is:
1. Upload log data in CSV format
2. Analyze log data in dashboard using homebrew APP.
(APP calculates the analysis result for each log line)
3. Combine the original log data and analysis results and output as CSV file.
Here is an example.
col_a, col_b, col_c
aaa, bbb, ccc
ddd, eee, fff
ggg, hhh, iii
1
2
3
col_a, col_b, col_c, Result
aaa, bbb, ccc, 1
ddd, eee, fff, 2
ggg, hhh, iii, 3
However, when output, the order of col_a, col_b, col_c, will change.
I think it is because it is sorted when uploading.