I've a CSV file like the one reported below, and on my UF I've added the following props but on the search heads the events are not parsed.
props.conf
[sourcetype]
FIELD_HEADER_REGEX=#LineAboveHeader\n(.*)
FIELD_DELIMITER=,
CSV example
#LineAboveHeader
"Header1","Header2","Header3","Header4"
"Field1", "Field2", "Field3", "Field4"
"Field1", "Field2", "Field3", "Field4"
"Field1", "Field2", "Field3", "Field4"
What I would like is for Splunk to see the headers and import the field names, and then create an event for each line.