Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

CSV syslogs

phoenixt
New Member
‎08-16-2012 09:46 AM

I would like to know if and where my syslog files are kept. Are they in CSV format? I would like to be able to use them with other applications also if need be.

Tags (1)
0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎08-16-2012 10:11 AM

If you'd like to use that data with other applications you can forward data onto other systems or you can use our API to extract the data. See links below. You could perform searches and export data to CSV if you want to do it manually for some reason as well.

http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddatatothird-partysystemsd

http://dev.splunk.com/view/sdks/SP-CAAADP7

0 Karma
Reply

MHibbin
Influencer
‎08-16-2012 10:08 AM

Syslog file for... what? ... What Application/Appliance/Server/System/etc?

Usually when talking about syslog, people normally mean logs that transmitted over UDP 514 (by default), so if you are transmitting these logs already, then you need to set Splunk up to monitor that port (via the manager).

If you mean system logs, the location can vary, for example Linux store logs in the /var/log/ directory, applications may vary.

Chances they will be in clear text (human readable) format as the purpose of logs is to be read by a techie for troubleshooting (etc.)

---OR---

Another way of reading this is that you have Splunk'd your syslog files and are looking for them in Splunk... perhaps try "sourcetype=syslog" in the flashtimeline. You can output data in CSV format once you have found events yes.

Can you clarify what you mean/trying to do please? - it may be me being a bit "thick" (if it is I apologise).

Cheers,

MHibbin

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...