Getting Data In

I can't get the "host" field by segment settings when uploading zip files in Splunk on Windows.

yutaka1005
Builder

OS : Windows 10
Splunk Ver : 7.2.3

I want to define the first segment of the archive file below as the 'host' field when I upload it.

filename : hogehoge.zip
contents : /<host name>/ccc/ddd.txt

But in Splunk on Windows, even if I choose "Segment in path" and set the Segment number to 1 in Input Settings, it was not working.
* I could do it in Splunk on Linux!


Is this a specification, or an issue?

0 Karma

niketn
Legend

@yutaka1005, I think you have got the wrong behavior of segmentation. Instead of the zip file, can you try the folder tree and upload only one file, ddd.txt, to test whether segmentation is picking up the correct host name or not?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

mstjohn_splunk
Splunk Employee

Hi @yutaka1005

Are you still having trouble with this issue? If so, please answer the commenter above so that they can help you further. Or, if you solved your query, would you mind describing the steps you took as an answer below so that others can learn from your solution?

Thanks for posting!

0 Karma

yutaka1005
Builder

@p_gurav

Thank you for the comment!
I tried setting the host_segment value to 3, but it was still not working...

@niketnilay

Thank you for the comment!
If I monitor normal tree folders, I can get the host field by segmentation!

@mstjohn_splunk

Thank you for the comment!
Even now, I do not know how to solve this...

0 Karma

p_gurav
Champion

Hi,

According to the source field getting into Splunk, can you try setting the host_segment value to 3?

0 Karma