Language for collecting logs

BRFZ · ‎07-04-2024

Hello,

I want to collect logs from a machine that is set to French. Consequently, the logs are generated in French, making parsing them difficult. Is it possible to collect logs from the machine in English while keeping the machine's language set to French ?

PickleRick · ‎07-06-2024

Your question has way too little data to be answered reliably.

First and foremost - what kind of data are you trying to ingest? What is the producer of said data? With some solutions it's possible to extract some standardized fields which can be used to analyze the data instead of plain-text description possibly indluded in further part of the event. But if the source is generating data in language A, the data is in A. For some limited use cases you could try to use static lookups to substitute text in language A for language B but that would be a nightmare to maintain. Using some translation service on search as @BRFZ suggested is certainly possible but would be hugely impractical and could introduce privacy issues when using external services.

shivanshu1593 · ‎07-04-2024

There isn't an inbuilt feature in Splunk, which can do this. You can build a custom app with external lookups (scripts) and use something like google translate or other services to do this and transform your data.

To get started, you can disassemble this old app and then take it from there to build your own.

https://splunkbase.splunk.com/app/1609

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

Language for collecting logs

data

index

indexer

inputs.conf

monitor

universal forwarder

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?