Getting Data In

I can't get the "host" field by segment settings when uploading zip files in Splunk on Windows.

Builder

OS: Windows 10
Splunk Ver: 7.2.3

I want to define the first segment of the archive file below as the 'host' field when I upload it.

filename : hogehoge.zip
contents : /<host name>/ccc/ddd.txt

But in Splunk on Windows, even if I choose "Segment in path" and put the segment number as 1 in Input Settings, it was not working.
* I could do it in Splunk on Linux!


Is this a specification, or an issue?

0 Karma

SplunkTrust

@yutaka1005, I think you have got the wrong behavior of segmentation. Instead of the zip file, can you try the folder tree and upload only one file, ddd.txt, to test whether segmentation is picking up the correct host name or not?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Splunk Employee

Hi @yutaka1005

Are you still having trouble with this issue? If so, please answer the commenter above so that they can help you further. Or, if you solved your query, would you mind describing the steps you took as an answer below so that others can learn from your solution?

Thanks for posting!

0 Karma

Builder

@p_gurav

Thank you for your comment!
I tried putting the host_segment value as 3, but it was still not working...

@niketnilay

Thank you for your comment!
If I monitor normal tree folders, I can get the host field by segmentation!

@mstjohn_splunk

Thank you for your comment!
Even now, I do not know how to solve this...

0 Karma

Champion

Hi,

According to the source field getting into Splunk, can you try putting the host_segment value as 3?

0 Karma