Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Add CSV file as a source by a script

isedrof
Engager
‎08-12-2015 01:43 AM

Hey guys,
I'm back with an another question, the goal is to add data (CSV file ) as a source to splunk by a script. Without to proceed by adding it With Upload button.
So i really need, is to know the real format of files whene they're in Splunk. because last time a added a lookups files directly by going to the right path. the problem here is whene i add CSV file as a Source and i look in Splunk it doesn't keep the same format, i guess it's a deal with input.conf file.
Thanks again for your help.

0 Karma
Reply

woodcock
Esteemed Legend
‎08-12-2015 07:12 AM

By far, the easiest way to inject data by script is to use the oneshot method; search for "oneshot" and read about it here:

http://docs.splunk.com/Documentation/Splunk/6.2.4/Data/MonitorfilesanddirectoriesusingtheCLI

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-12-2015 05:39 AM

I've installed many CSV files in Splunk from the command line. The format is a simple text file using the line endings appropriate for the platform (Linux, in my case). I've never had to change inputs.conf for my CSVs. Make sure you're putting the files in the right location - $SPLUNK_HOME/etc/apps/myapp/lookups or $SPLUNK_HOME/etc/system/lookups.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

isedrof
Engager
‎08-12-2015 05:50 AM

Here you're talking about lookups files ..but this not what i want to do ..what i want is to add them like a Source.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-12-2015 05:59 AM

Please explain what you mean by "like a Source". What exactly do you intend to do with the files?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

isedrof
Engager
‎08-12-2015 06:27 AM

In splunk you can manage files by upload them directly (the first page) or by uploading them like a lookups file.
if you upload them directly they're indexed like a source not like a lookup file.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-12-2015 06:39 AM

So you want to index your CSV. Perhaps this answer http://answers.splunk.com/answers/260391/how-to-add-data-to-splunk-with-custom-source-and-s.html will help.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...