curl -k "http://host:8088/services/collector/?sourcetype=csv&index=csv_data" \
-H "Authorization: Splunk < token key >" \
-d 'a,b,c
1,3,4
2,4,5
'
The above call returns success, but when I see the index data in Splunk search, I see all the fields in one column, _raw, along with other fields like host, source, etc.
_raw
a,b,c
1,3,4
2,4,5
I want to see the fields separated by comma. I want the below output, with a, b, c as field names:
a b c
1 3 4
2 4 5
You need to build a Python script for processing that:
https://answers.splunk.com/answers/638770/http-event-collector-and-csv-files.html
@tiagofbmm is right. HEC is not a file submission method. It is an event submission method. Reading and sending the CSV is on your code.
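One way to do the client-side processing the answers describe, as an added example that is not code from the original posts: it splits the CSV into one HEC event per data row and passes the header names through HEC's `fields` key so `a`, `b` and `c` arrive as separate fields. The function names, the `HEC_URL` and `HEC_TOKEN` environment variables and the `https` URL are assumptions made for the illustration.

```python
import csv
import io
import json
import os
import urllib.request

# Constructed sample input matching the CSV in the question.
SAMPLE_CSV = "a,b,c\n1,3,4\n2,4,5\n"


def csv_to_hec_payload(csv_text, sourcetype="csv", index="csv_data"):
    """Turn CSV text into a batched HEC body: one JSON event per data row."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)  # first row supplies the field names
    events = []
    for row in reader:
        if not row:
            continue  # skip blank lines
        if len(row) != len(header):
            raise ValueError(
                f"line {reader.line_num}: expected {len(header)} columns, got {len(row)}")
        events.append(json.dumps({
            "event": ",".join(row),            # raw text of the event
            "fields": dict(zip(header, row)),  # index-time fields a, b, c
            "sourcetype": sourcetype,
            "index": index,
        }))
    # HEC accepts several event objects stacked in one request body.
    return "\n".join(events)


def build_request(url, token, payload):
    """Build the POST for the HEC JSON event endpoint."""
    return urllib.request.Request(
        url,
        data=payload.encode("utf-8"),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    # Assumed environment variable names; the token stays out of the script.
    url = os.environ.get("HEC_URL", "https://host:8088/services/collector/event")
    req = build_request(url, os.environ["HEC_TOKEN"], csv_to_hec_payload(SAMPLE_CSV))
    # urlopen verifies the server certificate by default (unlike curl -k).
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status, resp.read().decode())
```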