Splunk Encoding Issue with Not Sign (¬)

Splunk Search

Hello,

I am trying to send some records to Splunk that are incorrectly getting written.

This is what the message looks like in Splunk: TERMID=\xACAAB
This is what the message should look like: TERMID=¬AAB

I cant seem to find a character set encoding that correctly displays the 'not' sign (¬). I believe that this is something that could be fixed by updating the props.conf file and changing the character set encoding.

I tried using the default UTF-8 encoding and was recommended to use LATIN1, but did not have any luck with either.

In Hex, this value is x’5F’

Any help or recommendations on how to properly resolve this would be greatly appreciated.

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...