Getting Data In

How to index unstructured text file?

mukundd
New Member

I'm facing issue with indexing unstructured text file. Is there any config setting?

Tags (2)
0 Karma

ashutoshab
Communicator

Can you please mention some more details, such as the file type, contents of the file and what is the issue you are facing.

Splunk does not face any problem with unstructured data. The only requirement is your data should be in ASCII format. Splunk does not worry about whether the data is structured or not, it just needs to be in ASCII format.

There are some possibilities,

  1. Either the data is not a text file / ASCII data.
  2. The data is indexed but you are not able to search them.
  3. You are able to search the data but the fields are not extracted.

Please write details about your issue and we can help to fix them.

0 Karma

mukundd
New Member

Hi Ashutosh,
I've converted pdf file (unstructured) into text file and indexed same.
Issue I'm facing with extracting fields, I've extracted Patient Name, Provider, Date of Birth, Visit Date, however facing issue with extracting columnar data (table) as below (table may having variable no. of rows).

Dx Code
Diagnosis Code Comment
Other fatigue R53.83

Pruritus, unspecified L29.9

0 Karma

DavidHourani
Super Champion

Hi @mukundd,

There are settings in props.conf for your line breakers and other index time actions. Share your text file with us and we can help you with the indexing issue.

You can find all the settings here :
https://docs.splunk.com/Documentation/Splunk/latest/admin/Propsconf

Cheers,
David

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...