Hey guys,
I'm back with an another question, the goal is to add data (CSV file ) as a source to splunk by a script. Without to proceed by adding it With Upload button.
So i really need, is to know the real format of files whene they're in Splunk. because last time a added a lookups files directly by going to the right path. the problem here is whene i add CSV file as a Source and i look in Splunk it doesn't keep the same format, i guess it's a deal with input.conf file.
Thanks again for your help.
By far, the easiest way to inject data by script is to use the oneshot
method; search for "oneshot" and read about it here:
http://docs.splunk.com/Documentation/Splunk/6.2.4/Data/MonitorfilesanddirectoriesusingtheCLI
I've installed many CSV files in Splunk from the command line. The format is a simple text file using the line endings appropriate for the platform (Linux, in my case). I've never had to change inputs.conf for my CSVs. Make sure you're putting the files in the right location - $SPLUNK_HOME/etc/apps/myapp/lookups or $SPLUNK_HOME/etc/system/lookups.
Here you're talking about lookups files ..but this not what i want to do ..what i want is to add them like a Source.
Please explain what you mean by "like a Source". What exactly do you intend to do with the files?
In splunk you can manage files by upload them directly (the first page) or by uploading them like a lookups file.
if you upload them directly they're indexed like a source not like a lookup file.
So you want to index your CSV. Perhaps this answer http://answers.splunk.com/answers/260391/how-to-add-data-to-splunk-with-custom-source-and-s.html will help.