Dashboards & Visualizations

How to add zip file containing xml Log data

20065945
Explorer

Hi I have 2 zip file that I want to add into Splunk.
1 is of 50 GB containing three folders that are filled with XML log files
other is a normal file that is containing XML files...no folders

How can I add these two files in Splunk...Pls suggest

Tags (4)
0 Karma
1 Solution

strive
Influencer

The getting data in manual explains different ways to get data into your splunk instance.
If it is going to be one time data input then you can make use of Splunk Web
http://docs.splunk.com/Documentation/Splunk/6.1.2/Data/UseSplunkWeb

You can also place the files in some directory and configure your splunk instance to monitor that directory.

If you have any doubts on what kind of data splunk indexes. Here it is: Splunk Enterprise decompresses archive files before it indexes them. It can handle these common archive file types: tar, gz, bz2, tar.gz, tgz, tbz, tbz2, zip, and z.
More information at: http://docs.splunk.com/Documentation/Splunk/6.1.2/Data/Monitorfilesanddirectories

Follow similar related questions
alt text

View solution in original post

strive
Influencer

The getting data in manual explains different ways to get data into your splunk instance.
If it is going to be one time data input then you can make use of Splunk Web
http://docs.splunk.com/Documentation/Splunk/6.1.2/Data/UseSplunkWeb

You can also place the files in some directory and configure your splunk instance to monitor that directory.

If you have any doubts on what kind of data splunk indexes. Here it is: Splunk Enterprise decompresses archive files before it indexes them. It can handle these common archive file types: tar, gz, bz2, tar.gz, tgz, tbz, tbz2, zip, and z.
More information at: http://docs.splunk.com/Documentation/Splunk/6.1.2/Data/Monitorfilesanddirectories

Follow similar related questions
alt text

strive
Influencer

Under Related questions section on the right side you have many links which you can refer to. Make use of those links.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...