Hi,
I created a Generic CSV log collection rule with details as follows:
Target: Windows Computer
Directory: D:\async
Pattern: Async*.csv
Separator: ,
Expression: Params/Param[1]-matches wildcard- *
The problem is that the CSV file has around 50000 records, whereas the event view of that rule only shows 16853 records. I also tried the following SQL query, but got the same results.
select * from event.vEvent
where EventNumber=0
(Since this is the only CSV rule I've created and I don't have any records with event 0, I'm using EventNumber 0.)
I've verified that the first column of the CSV file (i.e. Param[1]) doesn't contain blank records. I tried deleting and recreating the rules and CSV files, but no luck.
Please help.