Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to extract txt format application logs into splunk?

pratikgujar
Explorer
‎03-23-2022 10:23 PM

Hi all,

Need help for the below qery

I have st of application logs and all are in text format which are genratng every day.

So i need to send all those logs to the splunk with proper field extraction.

Please assist.

 

 

 

 

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-24-2022 01:02 AM

Hi @pratikgujar,

you have to read some documentation or see some videos about Splunk "getting data in" (https://www.google.com/search?q=splunk+getting+data+in&rlz=1C1SQJL_itIT832IT832&oq=splunk+getting+da...) and Splunk search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/WelcometotheSearchTutorial).

Anyway, you have to configure the system where log files are stored, if it's the same system where Splunk is installed you can use the GUI to ingest these data [Settings -- Data inputs -- .Files & Directories], if the fiels are in another system, you have to install a Splunk universal Forwarder and configure it to take the logs and send them to Splunk.

When you have these logs on Splunk you have to extract (parse) the fields using regexes, I cannot help you more without having a sample of your data.

Anyway, my hint is to read documentation and/or see some video about getting data in and searching.

Ciao.

Giuseppe

Reply

pratikgujar
Explorer
‎03-24-2022 05:29 AM

@gcusello thanks for the comment.

I have gone through the document.But here my query is that I have bunch of application data that too colleting on one server and from there I am collecting the same with he help of UF.

But the data is not in CSV format its in text format and I need to mapp the fields for the same.Alhough its not in csv so facing challenges to exract fields.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-24-2022 06:05 AM

Hi @pratikgujar,

ok, let me understand:

  • you have log data on another server than the Splunk server,
  • you already take these logs using an UF,
  • so you have these logs in Splunk,
  • you have to parse these logs (extract fields) to use them in searches;

is this correct?

If this is your situation, if you could share your logs, highlighting the fields you want to parse I can hep you, otherwise, you could follow the hint of @diogofgm and use the Interactive field extractor.

Ciao.

Giuseppe

Reply

pratikgujar
Explorer
‎03-24-2022 09:07 PM

@gcusello Thanks for suggestions.

I Will follow the solution provided by @diogofgm 

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎03-24-2022 05:42 AM

Have you met the interactive field extractor? 🙂

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX

 

------------
Hope I was able to help you. If so, some karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...