Unable to find double-byte characters in Okta Identity Cloud add-on for Splunk

shomatsuo
New Member

When the Okta Identity Cloud Add-on for Splunk saves log data from Okta into Splunk, Japanese letters are converted into a Unicode-escaped state and are not unescaped.


Example:
The letters "田中" in the original log are saved in Splunk as converted letters, that is, "\u7530\u4e2d".


Therefore, we cannot reach the logs we would like to see by searching with Japanese letters.
Example:
I expect the statement below to search logs including "田中", but actually nothing is found:

index="okta_logs" 田中

To fix this, I think you need to modify the source code of Okta Identity Cloud add-on.
I ask Okta Identity Cloud Add-on for Splunk to have a function to Unicode-unescape multi-byte letters.

0 Karma

mbegan
New Member

Hello Shomatsuo,

I've created an issue on the GitHub repo for this add-on:

https://github.com/mbegan/Okta-Identity-Cloud-for-Splunk/issues/28

0 Karma

shomatsuo
New Member

The field definition values are utf-8 encoded by Splunk, so that's okay.
However, field definitions are not a solution because I want to perform a full-text search.

Even if it is re-indexed in the summary index, it will be encoded in utf-8. However, it wastes storage space and degrades real-time performance, so it is not a good solution.

0 Karma
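The mismatch described in this thread, as an added example that is not part of the original posts and is not the add-on's own code: it shows why a literal "田中" does not match an event stored as "\u7530\u4e2d", and how re-serializing the JSON before it is written keeps the text searchable. It assumes events are JSON text; the sample event and all function names are constructed for illustration.

```python
import json

# Constructed sample event (not real Okta output). The display name is stored
# in \uXXXX form, as described in the first post.
RAW_EVENT = (
    '{"actor": {"displayName": "\\u7530\\u4e2d"}, '
    '"eventType": "user.session.start"}'
)


def unescape_event(raw: str) -> str:
    """Re-serialize a JSON event so non-ASCII text is kept as literal characters."""
    try:
        obj = json.loads(raw)  # decodes \uXXXX, including surrogate pairs
    except json.JSONDecodeError:
        # Not valid JSON: leave the event untouched rather than guess.
        return raw
    # ensure_ascii=False writes the characters themselves instead of \uXXXX.
    return json.dumps(obj, ensure_ascii=False)


def escaped_form(term: str) -> str:
    """Return the \\uXXXX form of a term, i.e. the bytes the escaped event holds."""
    return json.dumps(term, ensure_ascii=True)[1:-1]  # strip the JSON quotes


def matches(raw_text: str, term: str) -> bool:
    """Plain substring match, standing in for a full-text search on raw text."""
    return term in raw_text


if __name__ == "__main__":
    term = "田中"
    print("escaped event, literal term :", matches(RAW_EVENT, term))
    print("escaped event, escaped term :", matches(RAW_EVENT, escaped_form(term)))
    fixed = unescape_event(RAW_EVENT)
    print("unescaped event, literal term:", matches(fixed, term))
    print(fixed)
```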