I'm trying to use CSV (but have also tried DISSECT) to bring data into elastic from a TAB delimitered file , the problem is I just can't get it to recognise a TAB. I'm using a centrally managed pipeline so entering the code directly into kibana using chrome.
example data:
ptime domainid domain maptype ACCID pendname pendip pendclass pendcomm pendmessage
May 10, 2019 7:51:47 AM GMT+00:00 ***1 127.0.0.1 127.0.0.1 Host password No response from Ping
May 10, 2019 7:59:08 AM GMT+00:00 ***1 b*******8 127.0.0.1 Host password No response from SNMP agent, AUTODETECT, SNMP-E-ERESPONSE-No response
Relevant part of the pipeline:
csv {
separator => " "
columns => "ptime","domainid","domain","maptype","ACCID","pendname","pendip","pendclass","pendcomm","pendmessage"
}
The output: Only "ptime" is created and it contains all the message:
Any help would be appreciated.