Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is this possible to simply extract the content of a journal.zst file?

GaetanVP
Contributor
‎01-03-2023 08:07 AM

Hello Splunkers, I have a quick question,

Is this possible to simply extract the content of a journal.zst file ? Is it encrypted in some way or should I be able to retrieve the whole raw data out of it ?

The journal file is located here : <index_path>/db/hot_<whatever>/rawdata/journal.zst

Thanks a lot,

GaetanVP

Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...