Reading downloaded log files locally

deveritt · ‎04-25-2011

I simply want to analyse a single log file I've downloaded from our server, and produce some charts, but am running out of time and patience trying to find out how to do this simple task. Any help appreciated.

zpavic · ‎04-25-2011

You can use this tutorial Add data to Splunk

Brian_Osburn · ‎04-25-2011

Go into your local instance of Splunk.
Go to "Manager"
Click "Data Inputs"
Click "Files & Directories"
Click "New"
Select "Upload and Index a file"
Select browse and upload the file.

deveritt · ‎04-25-2011

Hmm... it was the latest version actually recommended for OS X 10.4.11 - perhaps more recent versions might work on 10.4?

I've added the log file as a 'New Input', and am looking for the language ref... access.log" | fields referer_domain is the default, but I'm after things like 'page visits' etc.

Brian_Osburn · ‎04-25-2011

Ooof, that's a couple of revisions behind - Splunk 4.2.1 is the latest and greatest..

deveritt · ‎04-25-2011

Okay - figured out that it starts up as a server process and not an app. I'm running Splunk 3.4.13 on OS X 10.4.11. I went to "Data Inputs:Files & Directories:New Input" and am awaiting result for a 390MB Apache log file from one of our servers...

Brian_Osburn · ‎04-25-2011

Nope, it's a stand alone app. You can hit it directly via localhost:8000 and log in that way.

Brian

deveritt · ‎04-25-2011

Since this is the first time I've used it, perhaps I should have added 'does my local instance of Splunk run as an (OS X in my case) app or does it need a locally-running version of Apache?' BTW I'm currently awaiting (30 minutes and counting) an attempt to read said log file locally with Analog...

Reading downloaded log files locally

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms