Getting Data In

How to ingest binary files to splunk?

Emyamy
Explorer

Hi Splunkers,

How to ingest binary files to splunk? i get error ," ignored due to binary file".

Any help would be appreciated.

Many thanks

Emy

 

 

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Splunk is a text-based platform and so will not ingest binary files.  It makes little sense to do so since Splunk will not be able to search or visualize the binary data 

What is your use case?  Perhaps there is another solution.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Emyamy
Explorer

is there any charset attribute which help converts binary to human readable format?

so i would use it in my props on forwarder.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

See if this answer helps you.  https://community.splunk.com/t5/Getting-Data-In/How-to-Splunk-the-SAP-Security-Audit-Log/m-p/380913

---
If this reply helps you, Karma would be appreciated.
0 Karma

Emyamy
Explorer

Hi @richgalloway 

I'm trying to onboard SAP Audit log files to splunk but it is in binary format. 

i used below props.conf but doesn't seem to be working as expected.

[sap:test]
CHARSET=UTF-16LE
NO_BINARY_CHECK=false
detect_trailing_nulls = false
inputs.conf:

[monitor:///monitoring_path]
index = sap_testindex
sourcetype = sap:test

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...