Re: Monitor Server Transaction Log File (.ldf) on ...

nerdyboy99 · ‎04-16-2021

How can I monitor data from .lfd files on Splunk?

venkatasri · ‎04-18-2021

Hi, if .ldf is a text file format then you can install a Splunk Universal forwarder on the host where file exist and configure it to ingest to Splunk Enterprise.

-----------------------------------------------------------

An upvote would be appreciated if it helps!

nerdyboy99 · ‎04-20-2021

Thanks for your answer. But .ldf not text file format. it's binary.

venkatasri · ‎04-20-2021

Hi,

There is no straight approach as Splunk prefers text and you can force it to ingest binary that doesn't really help with search. Instead a pre processed binary to text via a separate process or scripted input by Splunk which again back by a custom script which user has to write for binary conversion. Following link would direct to such solutions.

https://community.splunk.com/t5/Archive/How-to-use-splunk-for-binary-log-file/m-p/41784

____________________________

An upvote would be appreciated if it helps!

Monitor Server Transaction Log File (.ldf) on Splunk

monitor

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation