I have .csv file which would be on-boarded into Splunk using Monitor. It has two specific requirements as below:
So, can anyone please help me how to
1. write the inputs.conf, props.conf or transforms.conf(if require)?
2. how to write the field extractor in Search Head?
Thanks in advance.
Hey@rajim,
For the second point splunk will take care by itself.
Refer this link:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Data/Monitorfilesanddirectories
For the first point if you want the 17th line to be your header than add following to your props:
HEADER_FIELD_LINE_NUMBER = 17
CHECK_FOR_HEADER=true
Let me know if this helps!!