Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Index list type data using props.conf

bnakkella
New Member
‎09-30-2020 10:01 PM

Hi,

I have a sever with splunk enterprise installed to monitor a directory containing <sample-filename>.gz files

Each file is of the below format and need to create a sourcetype that can 

1. Ignore lines staring with //

2. Map the vales in [ ] to a standard header

----------------------------------------------------

[1599249608,75972,"sample@user.ca",638744076,1,861,337,3,"9","http",80,388951746,"http://abc.com",0,"","","","empty","Sample Filtering","","ctldl.windowsupdate.com","GET",21,3,126]

// random info here

// something something random

-------------------------------------------------------

Tried various strategies but filed. Looking for you help.

 

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎10-01-2020 03:50 AM

provide field header.

————————————
If this helps, give a like below.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...