Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Language for collecting logs

BRFZ
Communicator
‎07-04-2024 02:55 AM

Hello, 

I want to collect logs from a machine that is set to French. Consequently, the logs are generated in French, making parsing them difficult. Is it possible to collect logs from the machine in English while keeping the machine's language set to French ?

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎07-06-2024 05:02 AM

Your question has way too little data to be answered reliably.

First and foremost - what kind of data are you trying to ingest? What is the producer of said data? With some solutions it's possible to extract some standardized fields which can be used to analyze the data instead of plain-text description possibly indluded in further part of the event. But if the source is generating data in language A, the data is in A. For some limited use cases you could try to use static lookups to substitute text in language A for language B but that would be a nightmare to maintain. Using some translation service on search as @BRFZ suggested is certainly possible but would be hugely impractical and could introduce privacy issues when using external services.

0 Karma
Reply

shivanshu1593
Builder
‎07-04-2024 06:56 AM

There isn't an inbuilt feature in Splunk, which can do this. You can build a custom app with external lookups (scripts) and use something like google translate or other services to do this and transform your data.

To get started, you can disassemble this old app and then take it from there to build your own.

https://splunkbase.splunk.com/app/1609

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...