Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to monitor docx and PDF files in Splunk?

omerr
Explorer
‎07-09-2015 07:22 AM

Hi,

I think about new application for our organization and for that I need the ability to monitor (=index,read) the content of doc / docx / PDF files.

When I import the file to Splunk it preview like hex / binary so I think we should define new sourcetype for those files and especially change the charset to something that fit it.

I searched a lot about it but seems that anyone deals with this before.

Can you help me with this?

Thanks,

Omer.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎07-09-2015 02:45 PM

Hi omerr,

Are you trying to use splunk to search within your docx / PDF or simply store it?

Either way, splunk doesn't provide a default way to handle this.
You could use a script in combination with some kind of docx / pdf to text utility to load your docx / PDF's textual content into splunk.

Or, ...

If you want to try simply indexing the files straight-up, then simply add something like this to your props.conf file:

[source::....pdf]
NO_BINARY_CHECK = true

Which should force your PDFs to be indexed even though they are binary. I suspect you will not like the results, but you can give it a try.

cheers, MuS

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...