Getting Data In

How can I change splunk default parser and use my own way of re-arranging data?

MarcHelou
New Member

let's say i have a file that I would like to input it to splunk.
but I want to have a better parser, a smarter one. how can I change the way splunk handles the incoming streams, not just taking each line by its own but applying my own code on how to arrange streams of data.

0 Karma

woodcock
Esteemed Legend

File a P1 Enhancement Request (there already is one for this).

0 Karma

MarcHelou
New Member

can you be more specific please?
Do you mean the support programs?
in other ways what I am trying to look for is a way to change the parser in splunk, so splitting income data happens in a different way than what splunk offers

0 Karma

davebrooking
Contributor

Can you provide some examples of how the data may appear in the original file, and how that data should then be indexed by Splunk?

0 Karma

micahkemp
Champion

Have you looked into Modular Inputs?

0 Karma

MarcHelou
New Member

Yes but I want to try and change how splunk arranges tuples from incoming streams and not only post each line as an event, for anonymity purposes. I want to specify how it cuts the incoming data into event and how to index them depending on several factors

0 Karma
Get Updates on the Splunk Community!

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...