Converting strings

mborner · ‎02-16-2011

I've got email subjects extracted into a field, which are encoded in UTF-8 or ISO-8859-*

Examples:

=?ISO-8859-15?Q?Video:_Hei=DFes_Photo-Shooting_Miley_Cyrus!_?= =?ISO-8859-15?Q?Olala!?=

or

=?UTF-8?Q?Tr:_La_beaut=C3=A9...?=

What would be the best way to convert these into a readable format?

Ron_Naken · ‎02-16-2011

You can configure character set encoding. Here is the manual page that describes how: http://www.splunk.com/base/Documentation/4.1.7/Admin/Configurecharactersetencoding

landen99 · ‎04-04-2014

Let's say that we want to create a field which is simply an original field decoded into ASCII and we want that process to happen internally within Splunk. How do we do that?

mborner · ‎06-29-2011

It was not exactly was I was looking for. The logfile is in ASCII, but it contains fields that are MIME encoded.

To solve the problem I wrote an external command, that decodes MIME fields into utf-8.

Get the code here:

http://pastebin.com/vtWnL50z

tomasmoser · ‎10-07-2020

Try MIME Decoder TA add-on:
https://splunkbase.splunk.com/app/5116/

Converting strings

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)