Getting Data In
Highlighted

Scripted wtmp input rejected as Binary file

Splunk Employee
Splunk Employee

I have a script that pulls wtmp information and saves it to ASCII files but Splunk still insists that my files are binary. In fact, any files I now put in the directory are now considered binary files and cannot be indexed! My config

[monitor:///mylogs/wtmp_logs]
disabled = false
sourcetype = wtmp
crcSalt =

Tags (3)
Highlighted

Re: Scripted wtmp input rejected as Binary file

Splunk Employee
Splunk Employee

The issue here is the wtmp sourcetype you have defined in the inputs.conf. Splunk will reject the wtmp sourcetype and consider the files binary. Changing the sourcetype to wtmp_log or wtmplogs will solve the issue and allow indexing of files within this directory.

View solution in original post

Highlighted

Re: Scripted wtmp input rejected as Binary file

New Member

Can i get the script to read wtmp file and converts in ASCII information.

0 Karma
Highlighted

Re: Scripted wtmp input rejected as Binary file

Splunk Employee
Splunk Employee

If I recall correctly it was done in python calling the "last" command using subprocess.

See this article for some basic uses for "last".

http://www.linuxnix.com/2012/10/read-view-utmp-wtmp-btmp-file-linuxunix.html

0 Karma