All Apps and Add-ons

Unable to find double-byte characters in Okta Identity Cloud add-on for Splunk

shomatsuo
New Member

When Okta Identity Cloud Add-on for Splunk saves log data in okta into Splunk, Japanese letters are converted into Unicode-escaped state and not unescaped.


example:
Letters "田中" in original log are saved in splunk as converted letters, that is, "\u7530\u4e2d".


Therefore, we cannot reach logs we would like to see by searching with Japanese letters.
example:
I expect the statement below to search logs including "田中", but actually nothing are found:

index="okta_logs" 田中

To fix this, I think you need to modify the source code of Okta Identity Cloud add-on.
I ask Okta Identity Cloud Add-on for Splunk to have a function to Unicode-unescape multi-byte letters.

Labels (1)
0 Karma

mbegan
New Member

Hello Shomatsuo,

I've created an issue on the github repo for this add-on

https://github.com/mbegan/Okta-Identity-Cloud-for-Splunk/issues/28

0 Karma

shomatsuo
New Member

The field definition values are utf-8 encoded by Splunk, so that's okay.
However, field definitions are not a solution because I want to perform a full-text search.

Even if it is re-indexed in the summary index, it will be encoded in utf-8. However, it wastes storage space and degrades real-time performance, so it is not good solution.

0 Karma