Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to ingest excel from UF

Dayalss
Engager
‎08-28-2023 03:52 AM

Hi,

 

I have a excel file on a linux server at a particular path.

I have created a input file to monitor this file , but Im not receiving any logs.

Can anyone help me how to get that excel daily by creating  a input.conf 

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-28-2023 08:29 AM

Hi @Dayalss,

I confirm what @richgalloway said: there isn't any tool or Add-On to directly ingest Excel Files, the only way is passing through a csv conversion to perform out of Splunk before ingestistion.

You can do this is a script (e.g. in Python) like the ones described in these pages:

https://www.google.com/search?q=script+to+convert+an+excel+file+in+csv&rlz=1C1VDKB_itIT1048IT1048&oq...

Ciao.

Giuseppe

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-28-2023 07:05 AM

It depends on the type of Excel file.  A .xls file is binary and so will not be ingested by Splunk.  The UF's splunkd.log file should confirm this.

Newer Excel files are .xlsx, which is XML format.  That can be ingested by Splunk, but may be of limited utility if you can't interpret the XML.

There's also .xlsm files, which contain macros, but I'm not sure how they're stored.

Again, the UF should log a message when it's unable to monitor/ingest a file.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...