Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I change splunk default parser and use my own way of re-arranging data?

MarcHelou
New Member
‎06-14-2017 07:51 AM

let's say i have a file that I would like to input it to splunk.
but I want to have a better parser, a smarter one. how can I change the way splunk handles the incoming streams, not just taking each line by its own but applying my own code on how to arrange streams of data.

0 Karma
Reply

woodcock
Esteemed Legend
‎06-14-2017 10:16 AM

File a P1 Enhancement Request (there already is one for this).

0 Karma
Reply

MarcHelou
New Member
‎06-15-2017 02:24 AM

can you be more specific please?
Do you mean the support programs?
in other ways what I am trying to look for is a way to change the parser in splunk, so splitting income data happens in a different way than what splunk offers

0 Karma
Reply

davebrooking
Contributor
‎06-15-2017 07:57 AM

Can you provide some examples of how the data may appear in the original file, and how that data should then be indexed by Splunk?

0 Karma
Reply

micahkemp
Champion
‎06-14-2017 09:45 AM

Have you looked into Modular Inputs?

0 Karma
Reply

MarcHelou
New Member
‎06-15-2017 03:04 AM

Yes but I want to try and change how splunk arranges tuples from incoming streams and not only post each line as an event, for anonymity purposes. I want to specify how it cuts the incoming data into event and how to index them depending on several factors

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...

The same scenario plays out across financial institutions daily. A payment system fails at 11:30 AM on a busy ...

Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25

Hello Splunkers, Want to attend .conf25 in Boston this year but not sure how to convince your manager? We've ...

Community Spotlight: A Splunk Expert's Journey

In the world of data analytics, some journeys leave a lasting impact not only on the individual but on the ...
Top