I just started testing Splunk Storm and have got some machine data (Windows event log and application logs are feeding into Splunk).
I am trying to upload a CSV (actually an Excel table converted to CSV). The first row of the CSV is the field name. I cannot figure out how to get Splunk to see that as the fields. So my data is in Splunk, but I can't create queries on the data.
Here is an example of the data I want to query:
Wichita,Windows,D040054,"Lowmaster, Darrel","VICKERS,ROBERT",2/2/2013,Derby,KS,CanvassLd,WichitaKS,"FULLERTON,CYNTHIA",,1110,Pending,Paperwork Signed,T,2/2/2013,2013-02,Yes,Wichita,02/02/13
This is what Splunk is indexing:
host=XX.XXX.###.170
sourcetype=csv
source=GrossSalesshort.csv
index=4107c2d0707a11e2b3411231390e9c34
linecount=1
punct=,,,",",",",//,,,,,",",,,,,,//,-,,,//,,,,,,,,
splunk_server=mt-indexer-i-513c082a.prod-root
timestamp=none
Any help would be appreciated. Thanks