Getting Data In

Unpacking and Uploading certain files from an archive automatically/scripted

ValentinM
Engager

What is the best way to get data into Splunk from a zip file (files in different subfolders of the zip) in an automated way?

I need to upload certain .txt files from an archive (debug bundle) into my Splunk deployment. The archive gets downloaded on clients that have access to the Splunk deployment, and I need a way to automate this process, instead of unpacking the whole archive and then selecting the files I need one by one and uploading them.

Any help appreciated.

0 Karma

venkatasri
SplunkTrust

Hi @ValentinM 

Splunk does the unpacking automatically; configure the monitor pointing to your .zip file in inputs.conf on the host where the files exist. You should have a UF/HF or standalone Splunk on the host.

This link helps to configure sub-directories - Monitor files and directories with inputs.conf - Splunk Documentation

---------------------------

An upvote would be appreciated if it helps!

0 Karma

ValentinM
Engager

The thing is, the .zip file contains several hundred files, of which I only need about 10 to analyse in my Splunk deployment. Also, sometimes it's necessary to download multiple of these .zip files (each zip is a debug bundle of a client PC), and there are multiple users who might download and upload these to Splunk, so if possible I don't want to install a forwarder on each host.

The overall process should be somewhat like this: an authorized Splunk user downloads the .zip files he wants to analyse manually, so let's say he now has 4 .zip files on his local machine. Now I need a way in Splunk to unpack the files that I want (about 10 out of the 300+ in the .zip), add 1-2 custom fields at index time to them, and upload them in an automated way.

0 Karma
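One way to script the selection step described in the last post without a forwarder on each client, as an added example (not code from the thread or from Splunk): it picks only the wanted members from a bundle, treats the archive as untrusted input, and builds HTTP Event Collector events with custom index-time fields. It assumes HEC is enabled on the deployment; the glob patterns, size cap, sourcetype, index, field names and sample bundle are constructed for illustration.

```python
import fnmatch, io, json, zipfile

# Assumed selection rules and limits; adjust to the real bundle layout.
WANTED = ["logs/agent/*.txt", "config/summary.txt"]
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # refuse oversized members (zip bombs)

def select_members(zf, patterns=WANTED, max_bytes=MAX_MEMBER_BYTES):
    """Pick wanted members; skip directories, unsafe paths and oversized files."""
    picked = []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        unsafe = name.startswith("/") or ".." in name.split("/")
        if info.is_dir() or unsafe or info.file_size > max_bytes:
            continue
        # Note: fnmatch's "*" also matches "/", so patterns cover subfolders.
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            picked.append(info)
    return picked

def build_hec_events(zip_bytes, bundle_name, extra_fields,
                     index="main", sourcetype="debug_bundle"):
    """Turn each non-empty line of the selected files into one HEC event dict."""
    events = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in select_members(zf):
            with zf.open(info) as fh:
                data = fh.read(MAX_MEMBER_BYTES + 1)  # declared size can lie
            if len(data) > MAX_MEMBER_BYTES:
                continue
            for line in data.decode("utf-8", errors="replace").splitlines():
                if line.strip():
                    events.append({"event": line, "sourcetype": sourcetype,
                                   "index": index, "fields": dict(extra_fields),
                                   "source": f"{bundle_name}:{info.filename}"})
    return events

def make_sample_bundle():
    """Constructed sample archive standing in for a real debug bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logs/agent/service.txt", "start ok\n\nconnect failed\n")
        zf.writestr("config/summary.txt", "version=1.2\n")
        zf.writestr("dumps/memory.bin", "ignored")
        zf.writestr("../logs/agent/evil.txt", "ignored")
    return buf.getvalue()

if __name__ == "__main__":
    evts = build_hec_events(make_sample_bundle(), "pc-0042.zip", {"client": "pc-0042"})
    print("\n".join(json.dumps(e) for e in evts))  # newline-joined HEC batch body
```

The printed body can be sent with an HTTPS POST to the HEC `/services/collector/event` endpoint using an `Authorization: Splunk <token>` header; the members are read in memory, so nothing from the bundle is written to disk.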