How would we go about telling this machine to forward its Exchange logs to our Splunk server now?. As long as your data is consistently delimited…say with a space, comma, or tab…you can teach Splunk how to separate the data and how to label each field. Field Enablement and Productivity is a strategic imperative for our organization. Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question. While automatic extraction is highly desirable, we believe empowering our users with tools to apply their domain knowledge is equally important. In the Add Application window, select Others as an application. If a field includes decimal values then it round offs to nearest two decimal point. /splunk help search-fields. You're already familiar with the fields that Splunk extracted from the Web access logs based on your search. Welcome to Splunk Answers! Not what you were looking for? Refine your search. conf* and it requires manual specification of the field names (no automatic field name detection). The intent of this app is to provide a simple interface for analyzing text in Splunk using python natural language processing libraries (currently just NLTK 3. AboutMe*! Splunk*Senior*Instructor*since*2009* Frequentcontributor*to*Splunk*Answers* Love*Splunk*search*language*puzzles* 3. Fields sidebar: Relevant fields along with event counts. csv extension. To configure the input file to get logs. This information can always be changing, so there is no set number of characters. One of the fields in my data is the form "lastname,firstname". You can chain multiple eval expressions in one search using a comma to separate subsequent expressions. This Splunk Query shows if there is a time offset on your Splunk servers. fields Description. txt) or read book online for free. search_terms_field must be a comma separated list of terms. The following log contains one to three host names in each events;e. For example to make sure that "INFO" values are green, WARN's are orange and ERROR's are red, set the value like so: INFO,#1a9035,ERROR,#b22b32. When Splunk executes a search and field discovery is on, Splunk attempts to identify fields automatically for the current search. In addition to specifying which fields to return you can also tell Splunk not to return certain fields. Usage of Splunk EVAL Function : MVZIP Usage of Splunk EVAL Function : MVZIP This function takes maximum 3 arguments ( X,Y,Z) X and YContinue reading X and Y will be multi-value fields and Z is the delimiter. Then, set the KV_MODE in splunk props. Note: For information about timestamp processing options for syslog events, see Syslog and timestamps in Splunk Add-ons. Access the help page about Splunk search and real-time search with:. The field values are separated by comma so FIELD_DELIMITER=, is used. SplunkLive is a global series of events showcasing Splunk customer success. Using Fields and Tags:. Indexes When data is added, Splunk software parses the data into individual events, extracts the timestamp, applies line-breaking rules, and stores the events in an index. Field Extraction: Comma-separated multi-value. I have a csv file that is manually uploaded into splunk. , Denver, CO or 46122). Format results with comma thousands separator. Birmingham, England, United Kingdom 2 weeks ago Easy Apply. If you leave this field blank, the Splunk - HEC forwarder uses the HEC token's default index. As described in my previous post, key-value pair extraction (or more generally structure extraction) is a crucial first step to further data analysis. I am looking to create single value fields from the multivalue fields. conf TOKENIZER, and makemv. My version strips the unnecessary and renames some fields, but feel free to do what you want with it: […]. To exclude a specific field, such as _raw, you specify: | fields - _raw. Welcome to SecKit for Splunk TA Windows’s documentation!¶ This Success enablement content kit provides ready to deploy configuration for Windows Data Collection in a typical organization. Support for generating random NULL values. a=1, or b:2). Get fast answers and downloadable apps for Splunk, the IT Search solution for Log Management, Operations, Security, and Compliance. asked May 23 '18 at 9:14. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, announced today the United States Census Bureau is using Splunk Cloud™ to make its first digital census the most secure, efficient and user-friendly in history. The value of this field must be a valid email address or a comma separated list of email addresses. Are you suffering from too much (or too little) Windows event data in your Splunk environment? This post will teach you how to configure whitelists and blacklists for Windows Event Log inputs, as well as other techniques you can implement to enhance your design strategy. Removing comma "," in a field value in csv file Now i have remove any comma in the filed value because that creates problem when i feed this file to an application. 's profile on LinkedIn, the world's largest professional community. com,jesse,pwcheck. fields [+|-] Required arguments. Field discovery switch: Turns automatic field discovery on or off. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, today announced the results of new research which explores the correlation between an organization's use of data and its business success. And there’s a Good Reason™, too: aggregation, by definition, is a one-way street. Splunk Enterprise Security 830+ Security Apps Splunk User Behavior Analytics Splunk App for PCI Compliance Splunk Phantom. You can import the events and alerts from Cloud Workload Protection into Splunk for further monitoring and analyzing. Splunk Software Development Kit for Java. Either csv or search_terms_field parameter is required. Hidden fields in a data model: The eval command overwrites field values in the Splunk index True False. This topic is going to explain you the Splunk Rex Command with lots of interesting Splunk Rex examples. The source to apply the regular expression to. Unfortunately, however, this is only available through transforms. /splunk restart. Splunk ignores and truncates thousand separator commas in automatically identified numeric field. Indexes When data is added, Splunk software parses the data into individual events, extracts the timestamp, applies line-breaking rules, and stores the events in an index. Check Point "Log Exporter" is an easy and secure method for exporting Check Point logs over syslog. This tutorial uses the term “string” to indicate the text that the regular expression is applied to. Removing comma "," in a field value in csv file Now i have remove any comma in the filed value because that creates problem when i feed this file to an application. As described in my previous post, key-value pair extraction (or more generally structure extraction) is a crucial first step to further data analysis. and Splunk Inc. Welcome to Splunk Answers! Not what you were looking for? Refine your search. /splunk restart. Indexes When data is added, Splunk software parses the data into individual events, extracts the timestamp, applies line-breaking rules, and stores the events in an index. This Splunk search will show you use and available CPU and Memory statistics. In the SEP Cloud console, go to Settings > Client Application Management page, and press Add Client Application. Just like a CSV (comma-separated value) file or a weblog file, it is assumed that each entry in the log corresponds to some sort of format. [[email protected] ~]# ls -lrt. If you do not specify a field, all fields are processed for tokens to expand. In Splunk you can use rex/sed or replace to remove control characters before attempting a strptime or other function. You should also see other default fields that Splunk defined--some of these fields are based on each event's timestamp (everything beginning with date_*), punctuation (punct), and location (index). 3 must be statically. Do not specify the name of the token. We have store the values in a new field called Comma_Field. Here method and bytes are existing field names in _internal index. Because commands that come later in the search pipeline cannot modify the formatted results, use the fieldformat command as late in the search. Just like a CSV (comma-separated value) file or a web log file, it is assumed that each entry in the log corresponds to some sort of format. pdf), Text File (. Welcome to SecKit for Splunk TA Windows's documentation!¶ This Success enablement content kit provides ready to deploy configuration for Windows Data Collection in a typical organization. comSign up for a free account on SplunkLoginClick on "FREE SPLUNK"Select "Splunk Enterprise"Select the OS on which you want to install. These are the commands in Splunk which are used to transform the result of a search into such data structures which will be useful in representing the statistics and data visualizations. over the results of the searches. You should also see other default fields that Splunk defined--some of these fields are based on each event's timestamp (everything beginning with date_*), punctuation (punct), and location (index). City and state must be separated by a comma followed by a space (e. Field Sales Consultant. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly. When I run the query it adds an extra field, plus the numeric values are not formatted. Usage of Splunk Rex command is as follows : Rex command is used for field extraction in the search head. This argument formats the Summation field with commas. SQL Split Comma String into Multiple Columns I am newish to SQL (SQL Server 2008), so please excuse any ignorance. I'm building metric reports and learning SPLUNK, which has live access to the server logs. on Wednesday reported a fiscal fourth-quarter loss of $22. Configuring Splunk: Goto bin folder in splunk and. We have used “commas” as an argument with tostring function for eval command. It is really tedious to have to type field-value pair after field-value pair just to search for a list of values in the same field. Splunk makes custom field extraction very easy, especially for delimited files. В колонке « Interesting Fields » вы видите поля, которые Splunk смог распарсить автоматически. The value of this field must be a valid email address or a comma separated list of email addresses. Splunk provides various SDKs that use the REST API for access to a Splunk instance. SplunkLive 2011 Advanced Session "commas")| rangemap field=basketvalue severe=0-50. Use the Cloud Workload Protection APIs to get the events and alerts. Field Extraction: Comma-separated multi-value. Use a comma to separate field values. output) values can be defined in multiple ways Comma delimited text file (csv), Search results saved as lookup […] Posted by Laszlo Pinter July 11, 2017 Posted in DevOps, Splunk Tags: DevOps, Splunk click the field and value in the search result to add it to the. Creating and CRUDing a KV Store in Splunk: Part 1. Hi, let's say there is a field like this:. Viewed 8k times 8. Splunk Inc. Hi, The requirement is as follows: The following are the fields in the Report 1. Splunk in Retail Business 1 Author: Douglas Bernardini 2. If you don't specify one or more field then the value will be replaced in the all fields. This menu also allows you to add a field to the results. The eval command overwrites field values in the Splunk index. This command is used to highlight specific terms in the search result set. I'm doing a stats group by but it is returning values from other fields, not just the "lob" field like below. Census Bureau is connecting data from 35 operations and 52 systems, ranging from cloud-based applications and data warehousing to field. Splunk Software Development Kit for Java. The Splunk App for Phantom is a Phantom app used to connect Phantom to Splunk. Configuring Splunk: Goto bin folder in splunk and. I am creating source definitions in informatica. a=1, or b:2). We would like to have a field called ChangeMv which contains all the host names as multi-value, instead of a single value. With the Splunk integration, you can: Get time critical information to the right person; Get information to a user via push message, SMS, voice or email. File is CSV with Text Delimiter "". Change the names of fields, the units of values stored in fields, the types of data stored in fields, or the attributes of fields. How to add a comma separator to field numeric values using fieldformat command? 1. This example can be followed using a free trial of Splunk, available here. The specific requirements or preferences of your reviewing publisher, classroom teacher, institution or organization should be applied. My version strips the unnecessary and renames some fields, but feel free to do what you want with it: […]. Add more fields after the "BY" keyword to increase the depth of the sunburst. Helm charts associated with kubernetes plug-ins. If a field includes decimal values then it round offs to nearest two decimal point. fields Description. Field Extraction: Multi-line Events Multi-value This configuration example is to extract fields which contain multi-values in an an multi-line event. Here’s the thing. A list of variables for specific types of detection can be found in the DLP Admin Guide under "Response Action Variables. REPORTとTRASNFORMSを使います。 rexコマンド 正規表現でフィールド抽出を行えるコマンド。 コマンドのシンタックスは以下の通り( rex - Splunk Documentation) rex [field=] ( A comma and space-delimited list of () specification to allow for non-exact matching * The available match_type values are WILDCARD, CIDR, and EXACT. /splunk help search-fields. /splunk add forward-server : to configure receiving index (splunk server). He has already installed a Universal Forwarder on this machine. c) all extracted fields. I noticed that in ELK and Sumo Logic, the data fields must be first identified and then configured before it is shipped. conf file) to define your lookups. If you do not specify OUTPUT or OUTPUTNEW, all. You can import the events and alerts from Cloud Workload Protection into Splunk for further monitoring and analyzing. Support for generating random NULL values. Convert every field value to a number value except for values in the field "foo" (use the {{none}} * | convert auto(*) none(foo) argument to specify fields to ignore). Custom Search Time Splunk Fields. Splunk F2 Power User exam Learn with flashcards, games, and more — for free. Let’s look at it. splunk splunk-query splunk-calculation. Examples 1. Security Awareness Blog Series from EMA. Enter previously created API user's username and password into corresponding fields. The sample data I will be using is available here. You can control the search-time field extraction behavior by setting KV_MODE. 5) and Splunk's Machine Learning Toolkit. While automatic extraction is highly desirable, we believe empowering our users with tools to apply their domain knowledge is equally important. In the Events section, update the EventTypeFilter field with any of the following comma. Usage of Splunk Rex command is as follows : Rex command is used for field extraction in the search head. If the destination field for the eval command already exists, it is: tab and comma regex and delimiter. Address Field Autosave - background save process. regex and delimiter. Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk® Light, SPL. If they are using an export tool of some sort, getting the file in that format is very easy to do. Type the name of the application that the credentials are associated with, and then press Add. Census Bureau is connecting data from 35 operations and 52 systems, ranging from cloud-based applications and data warehousing to field. Here's the thing. Note: For information about timestamp processing options for syslog events, see Syslog and timestamps in Splunk Add-ons. snowtbl_fields - key/value pairs in JSON format of the ticket/record fields to be be created/inserted into the table via HTTP POST arguments. The global study, 'What Is Your Data Really Worth?', quantifies the economic impact and. The specific requirements or preferences of your reviewing publisher, classroom teacher, institution or organization should be applied. Field discovery switch: Turns automatic field discovery on or off. The courses in this skill path build a foundational competence with Splunk's core software. This function takes maximum 3 arguments ( X,Y,Z) X and Y will be multi-value fields and Z is the delimiter. Best practices for Splunk alerting; Plotting a linear trendline; Search by time of indexing; Modifying the splunk-search process priority; Intro to Splunk Search Performance; Example: Multi-Value Field Extraction For Multi-line Event; Example: Comma-Separated Multi-Value Field Extraction In Single-line Event. com,Sales Engineer Blondra Blussell,[email protected] This command changes the appearance of the results without changing the underlying value of the field. sysparm_fields - Comma-separated field names to return in the response (ServiceNow Table API parameter - see ServiceNow Table API documentation for more info). Usage of Splunk commands : REPLACE is as follows. csv extension. We have store the values in a new field called Comma_Field. SQL Split Comma String into Multiple Columns I am newish to SQL (SQL Server 2008), so please excuse any ignorance. If you are trying to table two different multivalue fields to match up it's a little more complicated but it's not clear what you want based on your post. Phantom apps that are built by Splunk are installed in Phantom by default, so no installation is required, however, you'll need to configure an asset for it. This includes a basic understanding of SPL searching and reporting commands and creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model in. For example, consider the following data: Sondra Russell,[email protected] If email_subj or email_body or email_footer fields are also present in the results, the first value of those fields for each email_to will set the corresponding field in. Installing Splunk? Navigate to https://www. Splunk makes custom field extraction very easy, especially for delimited files. Removing comma "," in a field value in csv file Now i have remove any comma in the filed value because that creates problem when i feed this file to an application. Security Awareness Blog Series from EMA. You can’t un-average something. Examples 1. The value of this field must be a valid email address or a comma separated list of email addresses. We have used “commas” as an argument with tostring function for eval command. com (another pretty awesome site like this one!). Additional default extractions are easy to add with add-ons and apps. The software company gave investors a weak | March 5, 2020. It is a standard format for producing delimited files because it is common to encounter delimiters in text fields. Using Fields and Tags: The fields sidebar does not show_____. With the above regular expression pattern, you can search through a text file to find email addresses, or verify if a given string looks like an email address. I have a table, called 'temp' that contains one Field, (called Field1) with rows and rows of long comma separated strings, thus:. Splunk makes custom field extraction very easy, especially for delimited files. Command was created because of need identified in Splunk Answers 33662 - Identfying the Search Terms Matched. To make sure field extraction works as intended, use the following string syntax (using spaces and commas is fine):. For this post I’ve used a Windows instance of Splunk, but. Comma separated string representing the pixel width and height of the marker shadow. | rex field= _raw - > this is how you specify you are starting a regular expression on the raw event in Splunk. The Splunk command provided will either extract fields by the use of regular expression named groups or replace characters of fields using the UNIX stream editor (sed) expressions. Field Extraction: Comma-separated multi-value. To use Splunk storage for the credentials. The configured enrichment metadata will be indexed along with raw event data by Splunk. , Houston, TX). See the complete profile on LinkedIn and discover Daniel's. Splunk best practices say to use key/value pairs. As described in my previous post, key-value pair extraction (or more generally structure extraction) is a crucial first step to further data analysis. snowtbl_fields - key/value pairs in JSON format of the ticket/record fields to be be created/inserted into the table via HTTP POST arguments. Usage Of Splunk Eval Function : RTRIM “rtrim” function is an eval function. Let's take the case of our Eventgen data and look at the following example. com,Sales Engineer Blondra Blussell,[email protected] The header means the field names are separated by the comma so HEADER_FIELD_DELIMITER=, is used. Comma delimited text file (csv), Search results saved as lookup table, External script or command, Splunk DB Connect application, Geospatial lookups, KV Store collection. So if we create sources with numeric field while reading date data the informatica will retrieve wrong data because of comma separator in date data. Keeps or removes fields from search results based on the field list criteria. Basic example. Hi guys!! Today, we will show you how to send CSV file with header information. Start studying Splunk Core Certified User & Splunk Fundamentals 1. asked May 23 '18 at 9:14. It is built on Cisco's PSIRT openVuln API and the Splunk SDK (note that this is not an offical product of Cisco). The problem is that one of the fields (Desc field) contains commas and "" as well, totally throwing the import off. You can control the search-time field extraction behavior by setting KV_MODE. Now i have remove any comma in the filed value because that creates problem when i feed this file to an application. Community:Extracting ISA Fields. KV Stores in Splunk are nothing more than Mongo Databases, so they allow us to easily apply CRUD (Create / Read / Update / Delete) to our data. | rex field= _raw - > this is how you specify you are starting a regular expression on the raw event in Splunk. SplunkLive is a global series of events showcasing Splunk customer success. How to use Regex in Splunk searches Regex to extract fields # | rex field=_raw "port (?. The list of fields must be comma-delimited. This command will replace the string with the another string in the specified fields. Extracting new fields. In the Add Application window, select Others as an application. IndustrialDataForwarderforSplunk UserInterface TheIDFforSplunkplug-ininterfaceconsistsofatoolbar,aConnectionView,aDetailView,andanEventLog. Differences between SPL and SPL2 List of fields must be comma-delimited. Get fast answers and downloadable apps for Splunk, the IT Search solution for Log Management, Operations, Security, and Compliance. Field Extraction: Comma-separated multi-value. Note: For information about timestamp processing options for syslog events, see Syslog and timestamps in Splunk Add-ons. Extraction of a field containing a comma. and this is what the auto_escaped value will do (taken from the documentation). The intent of this app is to provide a simple interface for analyzing text in Splunk using python natural language processing libraries (currently just NLTK 3. Contribute to splunk/splunk-sdk-python development by creating an account on GitHub. I want to add a comma separator to the field numeric values. Nmon Performance monitor application is a global solution for Splunk, as such this is a rich and complete application that implies some costs you will want to control and monitor. File is CSV with Text Delimiter "". /splunk help search-fields. Either csv or search_terms_field parameter is required. Just like a CSV (comma-separated value) file or a weblog file, it is assumed that each entry in the log corresponds to some sort of format. I want to add a comma separator to the field numeric values. pdf), Text File (. Usage of Splunk commands : REPLACE. The following log contains one to three host names in each events;e. AboutMe*! Splunk*Senior*Instructor*since*2009* Frequentcontributor*to*Splunk*Answers* Love*Splunk*search*language*puzzles* 3. In the Add Application window, select Others as an application. the date is located in the 4th comma delimited field and the time is. In Splunk you can use rex/sed or replace to remove control characters before attempting a strptime or other function. , Oracle Corp. Here's the thing. fail; Indexer. ) a) interesting fields b) selected fields c) all extracted fields. Welcome to Splunk Answers! Not what you were looking for? Refine your search. We have store the values in a new field called Comma_Field. The specific requirements or preferences of your reviewing publisher, classroom teacher, institution or organization should be applied. share | improve this question. Splunk eval command. I have a table, called 'temp' that contains one Field, (called Field1) with rows and rows of long comma separated strings, thus:. Usage of Splunk Rex command is as follows : Rex command is used for field extraction in the search head. ThreatScape® App for Splunk Overview, Installation and Configuration December 23, 2015 !!. In some source fields date value is read by numeric fields. For example, consider the following data: Sondra Russell,[email protected] File is CSV with Text Delimiter "". See the complete profile on LinkedIn and discover Utkarsh's. Format results with comma. Usage of Splunk EVAL Function : MVZIP. CSV) files or to other enterprise data stores such as Hadoop or NoSQL. Let’s say you want to identify the name of a particular employee or want to find the employee ID. Thank you Splunk! For example, suppose in the "error_code" field that you want to locate only the codes 400, 402, 404, and 406. SecKit for Splunk TA Windows Documentation 2. Splunk providesaTime-Picker, givingyou flexibilitytosearchreal-time data, relative time ranges,suchasprevious businessweek,last30 minutes,orall time. The following log contains one to three host names in each events;e. Search commands targeting versions of Splunk prior to 6. Either csv or search_terms_field parameter is required. Splunk ignores and truncates thousand separator commas in automatically identified numeric field convert comma numeric featured · edited Apr 26, '15 by lguinn2 56. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings. I am doing it on comma delimiter basis. As described in my previous post, key-value pair extraction (or more generally structure extraction) is a crucial first step to further data analysis. Fields sidebar: Relevant fields along with event counts. for example below are two sample records, the second record have a comma in "Salesforce. Splunk Enterprise Security 830+ Security Apps Splunk User Behavior Analytics Splunk App for PCI Compliance Splunk Phantom. If a field is not specified then the provided regular expression will be applied on the _raw field, which will definitely have a performance hit. To import the events and alerts into Splunk. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, today announced the results of new research which explores the correlation between an organization's use of data and its business success. By default, the internal fields _raw and _time are included in output in Splunk Web. ThreatScape® App for Splunk Overview, Installation and Configuration December 23, 2015 !!. Here’s the thing. Be cautious removing the _time field. Hidden fields in a data model: The eval command overwrites field values in the Splunk index True False. You typically don't need to change this value unless you increase or decrese the markerSize. You are wanting to utilize the Splunk add-on in conjunction with Symantec Data Loss Prevention (DLP) 12. All configuration related to SMS Gateway settings messages is done from the Apps -> SMSEagle -> Configuration. I'm building metric reports and learning SPLUNK, which has live access to the server logs. Extraction of a field containing a comma. CSV) files or to other enterprise data stores such as Hadoop or NoSQL. Splunk makes custom field extraction very easy, especially for delimited files. /splunk help rtsearch Also, use objects search-commands, search-fields, and search-modifiers to access the respective help descriptions and syntax:. Comma separated string representing the pixel width and height of the marker shadow. com,Sales Engineer Blondra Blussell,[email protected] regex and delimiter. It is built on Cisco's PSIRT openVuln API and the Splunk SDK (note that this is not an offical product of Cisco). Splunk DeveloperHaving 4 to 7 Years of experienceEducation : Any GraduateLocation : PuneJob Description :1. Custom Search Time Splunk Fields. Examples 1. Now that lookup tables exist, the information to lookup needs to be extracted from the source logs. This command will compute the sum of numeric FIELDS within EVENTS and place the result in a new field a. The point is - how to correctly parse the JSON to apply date-time from dateTime field in JSON to _time in Splunk. Set to 0,0 to disable shadows. This duration starts after the initial attempt to send data to Splunk fails. /splunk help search-modifiers Note: The Splunk CLI. Splunk Connect for Kafka. Assuming all of the definition names match up and the CSV file can be found, you should see the additional field(s) in the ‘Other interesting fields’ section of the Field Picker. Splunk Connect for Kafka is a Kafka Connect Sink for Splunk with the following features: Data ingestion from Kafka topics into Splunk via Splunk HTTP Event Collector(HEC). tab and comma regex and delimiter erex and rex. It is built on Cisco's PSIRT openVuln API and the Splunk SDK (note that this is not an offical product of Cisco). Learn vocabulary, terms, and more with flashcards, games, and other study tools. Hidden fields in a data model: The eval command overwrites field values in the Splunk index True False. While automatic extraction is highly desirable, we believe empowering our users with tools to apply their domain knowledge is equally important. conf TOKENIZER, and makemv. sourcetype to specify an alternate value for sourcetype (be very careful when changing this; only do so if a downstream TA is not being used, or a custom TA (built by you) is being used. See the complete profile on LinkedIn and discover Utkarsh's. Splunk F2 Power User exam. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, announced today the United States Census Bureau is using Splunk Cloud™ to make its first digital census the most secure, efficient and user-friendly in history. Splunk App for Phantom. This website highlights them in green. but commas or spaces separate the fields a. With Splunk, the U. csv file in which data fields can contain commas and to make our task easy (in short more complicated|) they have added quotes ("" "") in the data fields wherever comma is appearing.