Hi, I'm new to splunk and would like some help with tackling my task at hand,
-
NO INDEX DATE STIME ETIME REP ACTIVITY RESULT ID TYPE PLACE
17892 4/10/2015 14:13:48 14:14:03 15 CYCLE_REP GOOD NONE ONE_TIME T
Date , Time ,Model ID,SEATPAD ID,OffsetA,OffsetB,SEATPAD Type,Result,Job,
4/10/2015,12:14:06,KC10,1,0.2,-1,101,FAILED,C:\ONE_TIME\Type\NO A.mdb,
4/10/2015,12:14:06,KC2,2,0.3,-0.3,102,GOOD,C:\ONE_TIME\Type\NO A.mdb,
4/10/2015,12:14:06,KC2,3,-0.5,-0.02,103,GOOD,C:\ONE_TIME\Type\NO A.mdb,
4/10/2015,12:14:06,KC90,4,-0.5,-1,104,FAILED,C:\ONE_TIME\Type\NO A.mdb,
4/10/2015,12:14:06,KC90,5,-0.03,-2,105,FAILED,C:\ONE_TIME\Type\NO A.mdb,
4/10/2015,12:14:06,KC10,6,-0.04,-0.6,106,FAILED,C:\ONE_TIME\Type\NO A.mdb,
-
How do I indexed the one time header on top of the real header as the sample above? When the csv file is added to splunk, only the header which starts at Date, Time, Model ID.....,Job, is indexed and fields can be extracted. The header on top of that and the information that comes with it, is ignored. Any help is welcomed.
I have tried changing the props.conf, which indexed at line NO INDEX.., but then I cannot extract the field properly, since the other information doesn't use the same header.
↧
