Solved: Can you index images with Splunk?

chustar · ‎08-21-2015

Is it possible to index images in splunk?
I want to gather logs from a certain location, so I specified an index like this:

[monitor://\\path\to\monitor]
whitelist=LOGFILE

However, that location will contain multiple types of data, specifically, logs and images. I want to use those images in my splunk dashboards, so I changed my index.conf to look like this:

[monitor://\\path\to\monitor]
whitelist=(LOGFILE|screenshot\.png)

This doesn't seem to work. I looked into using fschange but it looks like you can't use monitor and fschange on the same directory (according to: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf?utm_source=answers&utm_medium=in...)

jensonthottian · ‎08-21-2015

A creative solution :

If you want to monitor the images using Splunk.
Create an active script which will update a text file whenever an image is added into a directory prefixing it with the timestamp(add size if you want) the image was put into the directory.
Then index this text file in Splunk 🙂

View solution in original post

Damien_Dallimor · ‎08-21-2015

You could use the Command Modular Input to execute a command that looks in a directory , finds images files and indexes those image file paths/names in Splunk.

image_lister.sh

#!/bin/sh

find /Users/ddallimore/Desktop -type f -exec file {} \; | awk -F: '{ if ($2 ~/[Ii]mage|EPS/) print $1}'

Setup a Command Modular Input stanza to fire the image_lister.sh command

Search in Splunk

woodcock · ‎08-21-2015

Are you sure Splunk is the right tool for this situation? Whenever people are working with documents, I usually suggest MarkLogic which has tools to help you generate the metadata that you are describing. It is an incredible product and does things in a totally different way than Splunk and is better suited for non-plain-text data sources:
http://www.marklogic.com

P.S. These are the main guys that swooped in and made HealthCare.gov actually work; without them, it probably never would have.

ChrisG · ‎08-21-2015

Fair point, but I think you mean MarkLogic, not Mark/Space. http://www.marklogic.com/customers/healthcare-gov/

woodcock · ‎08-22-2015

Thank you for the correction; I have updated my answer.

jensonthottian · ‎08-21-2015

A creative solution :

If you want to monitor the images using Splunk.
Create an active script which will update a text file whenever an image is added into a directory prefixing it with the timestamp(add size if you want) the image was put into the directory.
Then index this text file in Splunk 🙂

somesoni2 · ‎08-21-2015

I don't think so Splunk is a tool for this requirement (indexing image). I believe you'd need some bigdata solution to store that and then you can use Splunk HUNK to do image search.

chustar · ‎08-21-2015

I really just wanted the file names so I can embed them in the dashboard. No need for bigdata solutions

Can you index images with Splunk?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor