Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Reading downloaded log files locally
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reading downloaded log files locally
I simply want to analyse a single log file I've downloaded from our server, and produce some charts, but am running out of time and patience trying to find out how to do this simple task. Any help appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use this tutorial Add data to Splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Go into your local instance of Splunk.
- Go to "Manager"
- Click "Data Inputs"
- Click "Files & Directories"
- Click "New"
- Select "Upload and Index a file"
- Select browse and upload the file.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm... it was the latest version actually recommended for OS X 10.4.11 - perhaps more recent versions might work on 10.4?
I've added the log file as a 'New Input', and am looking for the language ref... access.log" | fields referer_domain is the default, but I'm after things like 'page visits' etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ooof, that's a couple of revisions behind - Splunk 4.2.1 is the latest and greatest..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay - figured out that it starts up as a server process and not an app. I'm running Splunk 3.4.13 on OS X 10.4.11. I went to "Data Inputs:Files & Directories:New Input" and am awaiting result for a 390MB Apache log file from one of our servers...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope, it's a stand alone app. You can hit it directly via localhost:8000 and log in that way.
Brian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since this is the first time I've used it, perhaps I should have added 'does my local instance of Splunk run as an (OS X in my case) app or does it need a locally-running version of Apache?' BTW I'm currently awaiting (30 minutes and counting) an attempt to read said log file locally with Analog...
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
SplunkTrust Application Period is Officially OPEN!
