Re: Does Splunk allow you to validate structure of...

mahbs · ‎11-21-2017

Hi,

I need to be able to validate the format of a file. This entails checking if a date column is actually a date column and if the format of the date value is in the correct format.
I'm not concerned with the content of the data, i.e. im not validating the content, rather I'm more focused on the structure of the data.

Does splunk allow this? And if so how would I go about achieving this?

Thanks

afamoyib · ‎11-22-2017

No splunk does not do this. However you can write a script outside splunk and use that script to validate the file meets the format you want before moving it to a folder splunk is ingesting. This is the work around i used to get around files with weird or unreadable formats to splunk

mahbs · ‎11-22-2017

Could you recommend me the best platform to do this?

lycollicott · ‎11-21-2017

Splunk recognizes lots of file formats (https://docs.splunk.com/Documentation/Splunk/7.0.0/Data/Listofpretrainedsourcetypes)

If your file is something unique to your business then I suggest that you make sure that whatever process which creates it does so correctly.

mahbs · ‎11-22-2017

Hi,

I'm focused mainly on writing queries that basically validates whether a file is in the correct format and then outputting those files that fail validation. I'm not focused on the content, rather the structure - Does Splunk enable this?

lycollicott · ‎11-23-2017

No, it does not. You would have to do that externally.

Does Splunk allow you to validate structure of a file?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation