We are reporting events in a CSV format using a comma-delimited structure. Example below:
,playerID04,player01,client002,clip_started,false,active,,237
Essentially this is a list of info sent when an event happens, comprised of:
player ID, player type, client ID, the event type (clip_started), parameter1, parameter2, video ID (237 in this instance).
In the 1st instance it is the video ID that I am after.
What I want to produce is a list or table of these video IDs, showing how many times they show, or are associated with the 'clip_started'. The video ID isn't named as such, but it always appears in the same position within the data, i.e. after the 8th comma. Is there a way for me to tell Splunk that this is a VIDEO-ID, to extract this number in a repeatable way?
To further expand on this, is there a way for me to tell Splunk the names of all of these fields, and for Splunk to automatically 'name' them as fields that I can then filter and search by?
thanks
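An added example, not part of the original post and not Splunk configuration: the positional naming and per-video count described above, done in Python outside Splunk. The field names are assumptions taken from the post's description; the two unnamed, empty positions get placeholder names, and every sample line except the first is constructed.

```python
import csv
from collections import Counter

# Assumed names for the nine comma-separated positions in the post's sample
# event. Positions 0 and 7 are empty in the sample and unnamed in the post,
# so they get placeholder names here.
FIELD_NAMES = [
    "unused_0", "player_id", "player_type", "client_id", "event_type",
    "parameter1", "parameter2", "unused_7", "video_id",
]

# Constructed sample events in the post's layout (first line is the post's own).
# The last line is deliberately truncated.
SAMPLE_EVENTS = """\
,playerID04,player01,client002,clip_started,false,active,,237
,playerID05,player01,client002,clip_started,true,active,,237
,playerID04,player01,client002,clip_ended,false,active,,237
,playerID06,player02,client003,clip_started,false,active,,512
,playerID07,player02,client003,clip_started,false
"""


def parse_events(text):
    """Yield one dict per well-formed event, keyed by FIELD_NAMES."""
    for row in csv.reader(text.splitlines()):
        # Skip blank or truncated lines: a short row has no value at the
        # video ID position, so it cannot be counted reliably.
        if len(row) != len(FIELD_NAMES):
            continue
        yield dict(zip(FIELD_NAMES, row))


def count_video_ids(text, event_type="clip_started"):
    """Count how often each video ID appears with the given event type."""
    counts = Counter()
    for event in parse_events(text):
        if event["event_type"] == event_type and event["video_id"]:
            counts[event["video_id"]] += 1
    return counts


if __name__ == "__main__":
    # Print a video ID / count table, most frequent first.
    for video_id, n in count_video_ids(SAMPLE_EVENTS).most_common():
        print(f"{video_id}\t{n}")
```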