Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to ingest binary files to splunk?

Emyamy
Explorer
‎09-04-2022 08:56 AM

Hi Splunkers,

How to ingest binary files to splunk? i get error ," ignored due to binary file".

Any help would be appreciated.

Many thanks

Emy

 

 

Labels (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-04-2022 09:58 AM

Splunk is a text-based platform and so will not ingest binary files.  It makes little sense to do so since Splunk will not be able to search or visualize the binary data 

What is your use case?  Perhaps there is another solution.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Emyamy
Explorer
‎09-05-2022 01:04 AM

is there any charset attribute which help converts binary to human readable format?

so i would use it in my props on forwarder.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-05-2022 06:54 AM

See if this answer helps you.  https://community.splunk.com/t5/Getting-Data-In/How-to-Splunk-the-SAP-Security-Audit-Log/m-p/380913

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Emyamy
Explorer
‎09-05-2022 01:03 AM

Hi @richgalloway 

I'm trying to onboard SAP Audit log files to splunk but it is in binary format. 

i used below props.conf but doesn't seem to be working as expected.

[sap:test]
CHARSET=UTF-16LE
NO_BINARY_CHECK=false
detect_trailing_nulls = false
inputs.conf:

[monitor:///monitoring_path]
index = sap_testindex
sourcetype = sap:test

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Developer Spotlight with Mika Borner

From Hackathon Winner to Enterprise Leader    Mika Borner, CEO and Founder of Datapunctum AG, has been ...

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...