<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Windows platforms Italian language in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Windows-platforms-italian-language/m-p/115150#M24110</link>
    <description>&lt;P&gt;Remigio,&lt;BR /&gt;
the "problem" is field definition. Fields in Splunk can either be discovered automatically by Splunk by default on a syntax like "string=value", or you can simply define them using regex. Field extractions are based on the "sourcetype", that is, the "kind" of log data you're analyzing.&lt;/P&gt;

&lt;P&gt;Predefined sourcetypes, like WinEventLog:*, rely on the English default language to recognize fields. So, you should enhance this by defining new field extractions for the WinEventLog:* sourcetypes using the strings in Italian.&lt;/P&gt;

&lt;P&gt;More about defining field extractions can be found here: &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Managesearch-timefieldextractions"&gt;http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Managesearch-timefieldextractions&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Regards,&lt;BR /&gt;
Marco Scal&lt;/P&gt;</description>
    <pubDate>Thu, 06 Mar 2014 13:23:34 GMT</pubDate>
    <dc:creator>marcoscala</dc:creator>
    <dc:date>2014-03-06T13:23:34Z</dc:date>
    <item>
      <title>Windows platforms Italian language</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Windows-platforms-italian-language/m-p/115149#M24109</link>
      <description>&lt;P&gt;Hi, I'm a beginner with this product and I'm asking for help.&lt;BR /&gt;
I installed the package "splunkforwarder-6.0.1-189883-x86-release.msi" &lt;BR /&gt;
on Windows ENU language and all Event Logs are forwarded and parsed correctly, so I can build reports/dashboards.&lt;/P&gt;

&lt;P&gt;I've installed the same package on the Windows ITALIAN version. &lt;BR /&gt;
The Event Logs are forwarded but not parsed correctly.&lt;/P&gt;

&lt;P&gt;This is the beginning of the original message: &lt;BR /&gt;
Message=Accesso alla rete riuscito:&lt;BR /&gt;
    Nome utente:    Administrator&lt;BR /&gt;
    Dominio:        W2K3ITA&lt;BR /&gt;
    ID accesso:     (0x0,0x1738E4)&lt;BR /&gt;
    Tipo accesso:   2&lt;BR /&gt;
    Processo di accesso:    User32&lt;BR /&gt;&lt;BR /&gt;
.....&lt;BR /&gt;
.....&lt;/P&gt;

&lt;P&gt;I think it may be a localized language problem.&lt;/P&gt;

&lt;P&gt;Can someone help me?&lt;/P&gt;</description>
      <pubDate>Wed, 15 Jan 2014 14:34:06 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Windows-platforms-italian-language/m-p/115149#M24109</guid>
      <dc:creator>RemigioGastaldo</dc:creator>
      <dc:date>2014-01-15T14:34:06Z</dc:date>
    </item>
    <item>
      <title>Re: Windows platforms Italian language</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Windows-platforms-italian-language/m-p/115150#M24110</link>
      <description>&lt;P&gt;Remigio,&lt;BR /&gt;
the "problem" is field definition. Fields in Splunk can either be discovered automatically by Splunk by default on a syntax like "string=value", or you can simply define them using regex. Field extractions are based on the "sourcetype", that is, the "kind" of log data you're analyzing.&lt;/P&gt;

&lt;P&gt;Predefined sourcetypes, like WinEventLog:*, rely on the English default language to recognize fields. So, you should enhance this by defining new field extractions for the WinEventLog:* sourcetypes using the strings in Italian.&lt;/P&gt;

&lt;P&gt;More about defining field extractions can be found here: &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Managesearch-timefieldextractions"&gt;http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Managesearch-timefieldextractions&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Regards,&lt;BR /&gt;
Marco Scal&lt;/P&gt;</description>
      <pubDate>Thu, 06 Mar 2014 13:23:34 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Windows-platforms-italian-language/m-p/115150#M24110</guid>
      <dc:creator>marcoscala</dc:creator>
      <dc:date>2014-03-06T13:23:34Z</dc:date>
    </item>
  </channel>
</rss>

