Splunk Cloud Platform

Is there any case where Splunk can perform parsing without an add-on help?

SplunkExplorer
Contributor

Hi Splunkers,

I have a doubt about the Splunk parsing capacity.

Until now, every time I needed to parse data, I used add-on, both custome wrote by me and downloaded from Splunk base. If I remeber well, but correct me if I'm wrong, an add-on is not required (or may be not required) if we have a well structured data format, like JSON or XML .

My question is: if the above assumption is right, are there any other case where Splunk can perform parsing without an add-on help? And if yes, what are they?

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Just because the data is well-formed doesn't mean Splunk knows what to do with it.  Add-ons tell Splunk how to process data.  This saves Splunk from guessing incorrectly and speeds onboarding.

The one format Splunk will parse out-of-the-box is key=value.  Even then, an add-on is recommended.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Just because the data is well-formed doesn't mean Splunk knows what to do with it.  Add-ons tell Splunk how to process data.  This saves Splunk from guessing incorrectly and speeds onboarding.

The one format Splunk will parse out-of-the-box is key=value.  Even then, an add-on is recommended.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Buttercup Games Tutorial Extension - part 9

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games Tutorial Extension - part 8

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...