Solved: Scripted wtmp input rejected as Binary file

Flynt · ‎03-15-2012

I have a script that pulls wtmp information and saves it to ASCII files but Splunk still insists that my files are binary. In fact, any files I now put in the directory are now considered binary files and cannot be indexed! My config

[monitor:///mylogs/wtmp_logs]
disabled = false
sourcetype = wtmp
crcSalt =

Flynt · ‎03-15-2012

The issue here is the wtmp sourcetype you have defined in the inputs.conf. Splunk will reject the wtmp sourcetype and consider the files binary. Changing the sourcetype to wtmp_log or wtmplogs will solve the issue and allow indexing of files within this directory.

View solution in original post

praveerg · ‎04-04-2014

Can i get the script to read wtmp file and converts in ASCII information.

Flynt · ‎04-16-2015

If I recall correctly it was done in python calling the "last" command using subprocess.

See this article for some basic uses for "last".

http://www.linuxnix.com/2012/10/read-view-utmp-wtmp-btmp-file-linuxunix.html

Flynt · ‎03-15-2012

The issue here is the wtmp sourcetype you have defined in the inputs.conf. Splunk will reject the wtmp sourcetype and consider the files binary. Changing the sourcetype to wtmp_log or wtmplogs will solve the issue and allow indexing of files within this directory.

Scripted wtmp input rejected as Binary file

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms