Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

log4j showing Hexadecimal in Preview

christopheh
New Member
‎06-26-2012 05:54 AM

Hello

I have a log file made through a log4j on a windows box. I open it through Kate

06-12-12 20:20:32 THD=3304 INFO broker.operation - Reading key from the registry : 'XXXX'.
06-12-12 20:20:32 THD=3304 INFO broker.operation - Error while reading the key value : The Starting instance time out is inactive.
06-12-12 20:21:00 THD=3304 INFO system.net.http - Opening URL:

and in Splunk I have this:

26/06/2012 14:46:15.000

\xFF\xFE0\x006\x00-\x001\x002\x00-\x001\x002\x00 \x002\x000\x00:\x002\x000\x00:\x003\x002\x00 \x00T\x00H\x00D\x00=\x003\x002\x008\x008\x00 \x00I\x00N\x00F\x00O\x00 \x00b\x00r\x00o\x00k\x00e\x00r\x00.\x00o\x00p\x00e\x00r\x00a\x00t\x00i\x00o\x00n\x00 \x00-\x00 \x00W\x00e\x00b\x00 \x00s\x00e\x00r\x00v\x00e\x00r\x00 \x00"\x00h\x00t\x00t\x00p\x00:\x00/\x00/\x00a\x00r\x00m\x00w\x00e\x00b\x00d\x00d\x00c\x000\x000\x001\x00/\x00m\x00a\x00g\x00n\x00i\x00t\x00u\x00d\x00e\x00_\x00p\x00r\x00o\x00d\x00"\x00 \x00c\x00o\x00n\x00t\x00a\x00c\x00t\x00e\x00d\x00 \x00a\x00b\x00o\x00u\x00t\x00 \x00s\x00e\x00r\x00v\x00e\x00r\x00 \x00s\x00t\x00a\x00r\x00t\x00 \x00o\x00n\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00 \x00A\x00R\x00M\x00B\x00O\x00C\x00D\x00D\x00C\x000\x001\x000\x00 \x00f\x00o\x00r\x00 \x00d\x00a\x00t\x00a\x00s\x00o\x00u\x00r\x00c\x00e\x00 \x00M\x00a\x00g\x00n\x00i\x00t\x00u\x00d\x00e\x00_\x00P\x00R\x00O\x00D\x00.\x00

What could be the issue

Thanks a lot
Christophe

Tags (1)
0 Karma
Reply

christopheh
New Member
‎06-26-2012 09:08 AM

Hello

I am reading from a file on my disks (transferred from the windows box)

Thanks a lot

0 Karma
Reply

christopheh
New Member
‎06-27-2012 12:51 AM

Hello

in the meantime i use this to convert from utf16 to utf8
iconv -f UTF-16 -t UTF-8 -o dest.log source.log

and now it works like a charm

Thanks mikeanghorst

0 Karma
Reply

christopheh
New Member
‎06-27-2012 12:40 AM

Hello,

I have analysed the file and it appears to be in Little-endian UTF-16 Unicode English text, with CRLF line terminators

Kind Regards

0 Karma
Reply

mikelanghorst
Motivator
‎06-26-2012 09:10 AM

Hmm, I'm lost on why that would occur. I've only seen hex data when I had tried sending tcp syslog data to a splunktcp listener.

0 Karma
Reply

mikelanghorst
Motivator
‎06-26-2012 09:08 AM

How are you receiving the data? Via tcp/udp or reading a file directly?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...