How to index HTML files?

sergeyvinnik · ‎06-25-2014

I have source log files with HTML formatting. After indexing I get 12000 lines in one record.
I need to remove HTML mark-ups to index every particular line in the log file.
Can I do it in Splunk?
What source type should I use?

LukeMurphey · ‎07-09-2014

There is an app called Website Input that was designed to pull information from websites. That might handle your case if the HTML files are accessible via an HTTP server.

sergeyvinnik · ‎06-25-2014

Can I use TRANSFORM with following REGEX?

/<[a-zA-Z_/=]*>/ /g

It should replace all tags like .. by spaces

edschembor · ‎06-26-2014

Remember tho that this transformation will have to occur everytime you run the query. It would be much more efficient to create script to pre-process and just do it once

chanfoli · ‎06-25-2014

If I understand correctly, you want to strip HTML tags from an input file. I do not believe that any built-in sourcetype or extraction is going to handle this. I would approach this by pre-processing the logs. Many scripting languages have facilities to strip tags out of streams/files. It is probably something you could do with a SEDCMD or regex transform, but that may not be the best way to go.

Regards,
Sean

How to index HTML files?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!