everyday I have an email with an Excell file attached.
To input the data in Splunk, I have to save the file, convert the file in csv then add it to Splunk.
Is it possible to do this action automatically ?
@Alaza, I am not 100% sure but Protocol Data Input should be able to handle Excel file for input to Splunk. However, as Rich mentioned it might require you to create your own Custom Data Handler.
Correct.
xls files are a binary format , so you'd need to decode this in a custom data handler to a textual format.
Plenty of code librarys exist to do the decoding for you that you could reuse in your custom data handler.
Splunk does not automatically handle Excel files. However, you may be able to write a scripted or modular input that reads the mail, detaches the file, converts it to CSV, and indexes it.
--- If this reply helps you, Karma would be appreciated.
Your question asked if it was possible and it is, but with some effort on your part.
Getting someone to do the work for you is something else. Check splunkbase to see if it's been done already (I'm pretty sure it hasn't). Otherwise, you'll have to persuade someone to write a script for you.
--- If this reply helps you, Karma would be appreciated.
There are probably some apps on splunkbase to help you read email. The trickiest part will be finding a way to convert the Excel file into CSV, but there may be python libraries that do that. As always, Google is your friend.
--- If this reply helps you, Karma would be appreciated.
