I'm trying to monitor a CSV file (via a UF) with column headings included in the file. I want the column headings to be extracted at search time.
Sample file output:
"Name","DatabaseSize","UsedDatabaseSpace","AvailableNewMailboxSpace","NumMailboxes","TotalItemCount"
"SFG-DB01","306.9 GB (329,503,997,952 bytes)","257.1 GB (276,068,106,240 bytes)","49.77 GB (53,435,891,712 bytes)","223"
"SFG-DB02","350.4 GB (376,212,291,584 bytes)","300.7 GB (322,833,514,496 bytes)","49.71 GB (53,378,777,088 bytes)","362"
"SFG-DB03","308.6 GB (331,383,570,432 bytes)","236.1 GB (253,546,692,608 bytes)","72.49 GB (77,836,877,824 bytes)","151"
inputs.conf:
[monitor://E:\fileName*.csv]
index = test
sourcetype = mySourcetypeLog
ignoreOlderThan = 24h
crcSalt =
props.conf:
[mySourcetypeLog]
SHOULD_LINEMERGE = false
REPORT-getfields = mySourcetypeLog_fields
transforms.conf:
[mySourcetypeLog_fields]
DELIMS=","
FIELDS = "Name","DatabaseSize","UsedDatabaseSpace","AvailableNewMailboxSpace","NumMailboxes","TotalItemCount"
When I run a oneshot, the data is ingested correctly (one event per log record) but the extracted fields are not showing up.
Any help would be appreciated.
Thanks.
... View more