Refine your search:

Selectively ignoring fields in CSV input?

0

Hey everyone. I am trying to input .csv files. The issue with the files is that the software generating them includes the timestamp numerous times in each line. Here's a rough example:

timestamp,CPU Usage, timestamp, Memory usage, timestamp, temperature, timestamp, license usage, timestamp, SNMP reachability

You get the idea. I don't want to waste space indexing all of the extra timestamp fields. Any advice?

asked 03 Feb '11, 17:25

msarro's gravatar image

msarro
5673437
accept rate: 75%

One Answer:
oldestnewestmost voted
0

You can use an index time TRANSFORM, or more likely a SEDCMD to modify the data before it goes into the index: http://www.splunk.com/base/Documentation/4.1.6/Admin/Anonymizedatawithsed

link

answered 03 Feb '11, 20:41

gkanapathy's gravatar image

gkanapathy ♦
32.4k4827
accept rate: 41%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×181

Asked: 03 Feb '11, 17:25

Seen: 1,503 times

Last updated: 01 Apr '11, 18:22

Related questions

Splunk seems to be ignoring TIME_FORMAT setting

Matching rex-defined fields against a csv file containing subnets

Splunk search of indexed CSV file does not pull out all the fields

best way to define fields for a csv with no headers

mapping headers to data in csv

How do I configure data inputs for .csv files with dynamic field headers for a new event on each line

Splunk CSV comma handling != Excel comma handling

splunk field extraction csv

Copyright © 2005-2012 Splunk Inc. All rights reserved.