Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you index images with Splunk?

chustar
Path Finder
‎08-21-2015 11:55 AM

Is it possible to index images in splunk?
I want to gather logs from a certain location, so I specified an index like this:

[monitor://\\path\to\monitor]
whitelist=LOGFILE

However, that location will contain multiple types of data, specifically, logs and images. I want to use those images in my splunk dashboards, so I changed my index.conf to look like this:

[monitor://\\path\to\monitor]
whitelist=(LOGFILE|screenshot\.png)

This doesn't seem to work. I looked into using fschange but it looks like you can't use monitor and fschange on the same directory (according to: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf?utm_source=answers&utm_medium=in...)

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jensonthottian
Contributor
‎08-21-2015 12:50 PM

A creative solution :

If you want to monitor the images using Splunk.
Create an active script which will update a text file whenever an image is added into a directory prefixing it with the timestamp(add size if you want) the image was put into the directory.
Then index this text file in Splunk 🙂

View solution in original post

Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎08-21-2015 04:16 PM

You could use the Command Modular Input to execute a command that looks in a directory , finds images files and indexes those image file paths/names in Splunk.

image_lister.sh

#!/bin/sh

find /Users/ddallimore/Desktop -type f -exec file {} \; | awk -F: '{ if ($2 ~/[Ii]mage|EPS/) print $1}'

Setup a Command Modular Input stanza to fire the image_lister.sh command

alt text

Search in Splunk

alt text

Preview file
1 KB
Preview file
1 KB
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎08-21-2015 03:53 PM

Are you sure Splunk is the right tool for this situation? Whenever people are working with documents, I usually suggest MarkLogic which has tools to help you generate the metadata that you are describing. It is an incredible product and does things in a totally different way than Splunk and is better suited for non-plain-text data sources:
http://www.marklogic.com

P.S. These are the main guys that swooped in and made HealthCare.gov actually work; without them, it probably never would have.

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎08-21-2015 05:21 PM

Fair point, but I think you mean MarkLogic, not Mark/Space. http://www.marklogic.com/customers/healthcare-gov/

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎08-22-2015 07:17 AM

Thank you for the correction; I have updated my answer.

0 Karma
Reply
Solved! Jump to solution
Solution

jensonthottian
Contributor
‎08-21-2015 12:50 PM

A creative solution :

If you want to monitor the images using Splunk.
Create an active script which will update a text file whenever an image is added into a directory prefixing it with the timestamp(add size if you want) the image was put into the directory.
Then index this text file in Splunk 🙂

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-21-2015 12:24 PM

I don't think so Splunk is a tool for this requirement (indexing image). I believe you'd need some bigdata solution to store that and then you can use Splunk HUNK to do image search.

0 Karma
Reply
Solved! Jump to solution

chustar
Path Finder
‎08-21-2015 02:14 PM

I really just wanted the file names so I can embed them in the dashboard. No need for bigdata solutions

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...