Security

we cannot see korean char logs come from Charset NAC device

himang2c
New Member

This is logs from NAC device.

Sep 14 13:57:53 X.X.X.X 2012-09-14 13:57:52 INFO 109 X.X.X X.X.X.X 00:24:54:94:40:01 \xB3\xD7Ʈ\xBF\xF6ũ\xC1\xA4å \xC7\xD8\xC1\xA6\xB5\xCA. ................

Now, we did setting CHARSET = EUC-KR in props.conf .

CHARSET = CP949

SHOULD_LINEMERGE = False
CHARSET = EUC-KR

But , We cannot see korean CHAR on splunk.
How can I change CHARSET to see to korean character?

Could you tell me what is setting of charset ?

Tags (1)
0 Karma

ChrisG
Splunk Employee
Splunk Employee

That looks like the correct charset value; did you also specify the host that is sending this data? See Configure character set encoding in the Getting Data In Manual for examples of what your props.conf should look like. Do you need both CP-949 and EUC-KR?

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...