topic Re: How to extract txt format application logs into splunk in Getting Data In

How to extract txt format application logs into splunk?

pratikgujar — Fri, 25 Mar 2022 20:54:22 GMT

Hi all,

Need help for the below qery

I have st of application logs and all are in text format which are genratng every day.

So i need to send all those logs to the splunk with proper field extraction.

Please assist.

Re: How to extract txt format application logs into splunk

gcusello — Thu, 24 Mar 2022 08:02:23 GMT

Hi @pratikgujar,

you have to read some documentation or see some videos about Splunk "getting data in" (https://www.google.com/search?q=splunk+getting+data+in&rlz=1C1SQJL_itIT832IT832&oq=splunk+getting+data+in&aqs=chrome.0.69i19i59j0i19j69i59l2j69i60l3.4744j0j7&sourceid=chrome&ie=UTF-8) and Splunk search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial).

Anyway, you have to configure the system where log files are stored, if it's the same system where Splunk is installed you can use the GUI to ingest these data [Settings -- Data inputs -- .Files & Directories], if the fiels are in another system, you have to install a Splunk universal Forwarder and configure it to take the logs and send them to Splunk.

When you have these logs on Splunk you have to extract (parse) the fields using regexes, I cannot help you more without having a sample of your data.

Anyway, my hint is to read documentation and/or see some video about getting data in and searching.

Ciao.

Giuseppe

Re: How to extract txt format application logs into splunk

pratikgujar — Thu, 24 Mar 2022 12:29:02 GMT

@gcusello thanks for the comment.

I have gone through the document.But here my query is that I have bunch of application data that too colleting on one server and from there I am collecting the same with he help of UF.

But the data is not in CSV format its in text format and I need to mapp the fields for the same.Alhough its not in csv so facing challenges to exract fields.

Re: How to extract txt format application logs into splunk

diogofgm — Thu, 24 Mar 2022 12:43:09 GMT

Have you met the interactive field extractor? 🙂

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX

Re: How to extract txt format application logs into splunk

gcusello — Thu, 24 Mar 2022 13:06:48 GMT

Hi @pratikgujar,

ok, let me understand:

you have log data on another server than the Splunk server,
you already take these logs using an UF,
so you have these logs in Splunk,
you have to parse these logs (extract fields) to use them in searches;

is this correct?

If this is your situation, if you could share your logs, highlighting the fields you want to parse I can hep you, otherwise, you could follow the hint of @diogofgm and use the Interactive field extractor.

Ciao.

Giuseppe

Re: How to extract txt format application logs into splunk

pratikgujar — Fri, 25 Mar 2022 04:07:30 GMT

@gcusello Thanks for suggestions.

I Will follow the solution provided by @diogofgm