Deployment Architecture

Universal Forwarder to Heavy Forwarder, then convert binary data to CSV on Heavy Forwarder and then send data to indexer?

ajitshukla
Explorer

1. My universal forwarder is sending binary data to the Heavy Forwarder in an index named "Binary_index".
2. On the Heavy Forwarder I want to convert this binary data to CSV format, for which I have written a Python script, and then send the CSV data to the Splunk instance.

But I don't know how to achieve this.
Please provide me a solution with configuration file details for every step.

It would be a great help if you provide a detailed solution for this, since I am new to Splunk.

Please provide the configuration file details for reading binary data on the universal forwarder side.

0 Karma

1206chandra
Explorer

Hi Team,

How can we save binary data using outlookup command, convert it to CSV using my Python script, and send it to the Splunk instance?

0 Karma

vishaltaneja070
Motivator

@ajitshukla

I think you can save it using outlookup command, and can normally forward the data to the Splunk instance.

0 Karma

ajitshukla
Explorer

How can we save binary data using outlookup command, convert it to CSV using my Python script, and send it to the Splunk instance?

0 Karma

vishaltaneja070
Motivator

There are two things (for the below approach there is no need for a Python script):
1. First, you can locally index the data and send it to some other server as well. Check the below link:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Routeandfilterdatad
2. Now, after the data is indexed, you can schedule a report in Splunk where you can outputlookup search results to CSV.

0 Karma

ajitshukla
Explorer

But the logic for converting binary data to CSV is inside the Python script, so I have to use this Python script for the binary to CSV conversion.

0 Karma

vishaltaneja070
Motivator

@ajitshukla

That's what I am saying: there is no need to convert using Python. You can do the same logic in SPL and send the result using outputlookup.

0 Karma