When Okta Identity Cloud Add-on for Splunk saves log data in okta into Splunk, Japanese letters are converted into Unicode-escaped state and not unescaped.
example:Letters "田中" in original log are saved in splunk as converted letters, that is, "\u7530\u4e2d".
Therefore, we cannot reach logs we would like to see by searching with Japanese letters.example:I expect the statement below to search logs including "田中", but actually nothing are found:index="okta_logs" 田中
To fix this, I think you need to modify the source code of Okta Identity Cloud add-on.I ask Okta Identity Cloud Add-on for Splunk to have a function to Unicode-unescape multi-byte letters.
I've created an issue on the github repo for this add-on
The field definition values are utf-8 encoded by Splunk, so that's okay.However, field definitions are not a solution because I want to perform a full-text search.
Even if it is re-indexed in the summary index, it will be encoded in utf-8. However, it wastes storage space and degrades real-time performance, so it is not good solution.