I have a csv where there are 5 columns and the number of rows is 1000. I have indexed that csv as continuous monitoring. If a new row is added to the same csv, it should be automatically pushed to a new csv which I have created in Splunk. This can be done based on any calculation. Is this possible?
Hi kavyamohan,
you have continuous monitoring, so the new row is read and indexed by Splunk. To add this row to your csv you have two choices:
The first choice is the easiest because you have to run your search and use the command outputlookup at the end (see https://docs.splunk.com/Documentation/Splunk/7.3.2/SearchReference/Outputlookup ).
The second requires that you filter the results of your search using the existing csv.
Ciao.
Giuseppe
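A scheduled search combining both choices from the answer above, as an added example that is not part of the original reply. The index, source path, lookup file name and column names are placeholders, `col1` is assumed to identify a row uniquely, and the lookup file is assumed to already exist.

```spl
index=example_index source="/path/to/monitored.csv" earliest=-15m
| table col1 col2 col3 col4 col5
| lookup example_new_rows.csv col1 OUTPUT col1 AS already_present
| where isnull(already_present)
| fields - already_present
| outputlookup append=true example_new_rows.csv
```

The `lookup` and `where` steps drop rows already in the lookup, so overlapping schedule windows do not write duplicates; `append=true` keeps `outputlookup` from overwriting the file.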