Events-csv User Manual
Internal
Overview
"csv" assumes that the input file or piped content is comma-separated text and parses it into events, which are then optionally filtered by the query and processed according to the command specified on the command line.
csv [command] [query] <input-file.csv>
The default command, which does not need to be specified on the command line, is output: the CSV content is parsed and the resulting events are optionally filtered and displayed on stdout:
csv [query] [-o output-spec] <input-file.csv>
Alternatively, the content can be sent into "csv" with a pipe:
tail -f input.csv | csv [command] [query]
Concepts
Commands
output
This is the default command and does not need to be specified on the command line. More details about the output specification are available here:
headers
csv header|headers [--first|--last] ./sample.csv
Scan the CSV stream and display the headers, as they are identified in the stream. The command displays the header's line number, the timestamp of the event that immediately follows the header, and then:
- the index that can be used to access the value that corresponds to the header in a data line. The index can be used for index-based output.
- the header name.
- the header type.
- optionally, the header format.
Usage Example:
csv headers ./sample.csv
line 1 header, applies to events recorded on 12/01/16 00:00:00 and after:
  0: timestamp(time:MM/dd/yy HH:mm:ss)
  2: color(string)
  3: size(int)
Modifiers
--first
Display the first encountered header and exit.
--last
Display the last encountered header, without displaying all previous ones, and exit.