I wrote a script that does the following:
cat $SPLUNK_ARG_8 > /tmp/$SPLUNK_ARG_4.csv
Unfortunately, I am getting lots of characters similar to: 噪 instead of the logs. The logs are in English, and I can read them. The script output is not. I am running Splunk on Red Hat. Has anyone encountered this kind of error before?
I figured it out, but for the sake of clarity: $SPLUNK_ARG_8 is a gzip file. I would like to suggest that this be noted in the docs under the scripting area.
Hope this helps.
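A worked version of the fix described above, added here as an example and not part of the original post or of Splunk's own code. It assumes what the thread states: $SPLUNK_ARG_8 is the gzipped results file and $SPLUNK_ARG_4 is the alert name. Instead of cat'ing the raw bytes it first confirms the file really is gzip, then decompresses it. It also moves the output out of a predictable /tmp/NAME.csv path (which another local user could pre-create or replace with a symlink) into a private directory, and strips path characters from the alert name; the output directory and the gzip(1)/sed(1) tools are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a scripted-alert handler that
# decompresses $SPLUNK_ARG_8 (the gzipped results file) instead of cat'ing it.
# Assumptions: gzip(1) and sed(1) are on PATH; output dir is chosen below.
set -eu

# extract_results GZ_FILE OUT_FILE
# Verifies GZ_FILE is a valid gzip stream, then writes the decompressed CSV
# to OUT_FILE. Returns non-zero and writes nothing if the input is missing
# or is not gzip (the "garbage characters" symptom from the question).
extract_results() {
    gz="$1"
    out="$2"
    [ -r "$gz" ] || { echo "results file not readable: $gz" >&2; return 1; }
    gzip -t "$gz" 2>/dev/null || { echo "not a gzip file: $gz" >&2; return 2; }
    gzip -dc "$gz" > "$out"
}

# safe_name NAME
# Reduces an alert name to [A-Za-z0-9._-] so it cannot carry '/' or spaces
# into the output path.
safe_name() {
    printf '%s' "$1" | sed 's/[^A-Za-z0-9._-]/_/g'
}

# Only runs when invoked by Splunk (the env var is set); the directory under
# $SPLUNK_HOME is an assumed location, created with owner-only permissions.
if [ -n "${SPLUNK_ARG_8:-}" ]; then
    umask 077
    outdir="${SPLUNK_HOME:-/opt/splunk}/var/run/splunk/alert_csv"
    mkdir -p "$outdir"
    extract_results "$SPLUNK_ARG_8" "$outdir/$(safe_name "${SPLUNK_ARG_4:-alert}").csv"
fi
```

Drop this in place of the one-line script; `gzip -t` is what tells you, before anything is written, that you were about to cat compressed data.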
Hi @alaking,
I can make a note of this in our documentation.
I noticed that this previous Answers post also mentions that the raw data file is in gzip format:
https://answers.splunk.com/answers/227220/output-search-results-from-alert-to-syslog-retriev.html
Just so you know, scripted alerts are deprecated. Depending on the software version you have, you might consider a custom alert action instead. Here is a link to our documentation on creating custom alert actions:
http://docs.splunk.com/Documentation/Splunk/6.3.1511/AdvancedDev/ModAlertsIntro
Hope this helps!