Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert if emojis are found in logs

sanmathikivade
New Member
‎12-19-2018 09:59 AM

How to locate Emojis if they are indexed in Splunk.
Our internal Database doesn't support Emojis but the source system can send Emojis in the request.

Tags (2)
0 Karma
Reply

patng_nw
Communicator
‎03-06-2020 08:06 PM

I have a similar problem, and I ended up writing a custom command which makes use of the Python emoji module to detect emoji in the string.
https://pypi.org/project/emoji/

And here are some info about custom commands, in case you're not familiar with it.
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
https://www.splunk.com/blog/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-gen...

0 Karma
Reply

ddrillic
Ultra Champion
‎12-19-2018 12:53 PM

So, you need to detect them and they appear to be Unicode characters encoded as UTF-8.

alt text

Emoji Unicode Tables

0 Karma
Reply

sanmathikivade
New Member
‎12-20-2018 04:19 AM

@ddrillic thanks for the reply.

I am unable to attach the screenshot as i dont have enough Karma points.
In the log events, I can already see them as Emojis (smilies) and they are not stopped or converted as there is no transformation rule.

Hence, I want to track / alert on it.

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...