We have in-house web apps which log stuff, and are considering moving to Splunk for analysis. This would entail adopting a new log format, which is easy - we can write it out however Splunk wants. We understand this is the canonical format...
timestamp key1=value1 key2="value two" key3=value3
Problem is, sometimes we need to log a LOT of stuff in the 'value' part. One example is an exception, where we would want to store a fairly large Python traceback (newlines and all). Yet, we still want the value to be findable/searchable/readable in reports. Another situation is when we want to log POST params in a web form; the values might be multiline text, Unicode characters or whatever.
Does Splunk support a standard system for quoting or encoding multiline text and 'problem' characters in the "value" part of the format? I was expecting to find some well documented system like base64 or URL-encoding supported, but have been unable to find any docs on this.
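Added example, not part of the original post and not Splunk's own code: one way a Python app could write the `timestamp key=value` line shown above so that a traceback or a multiline POST value stays inside a single quoted value on one line and can be recovered exactly. The backslash-escape scheme and the names `encode_value`, `format_event` and `parse_event` are assumptions of this example; whether Splunk's field extraction unescapes such values is not established on this page.

```python
import re
import traceback
from datetime import datetime, timezone

# Assumed escaping scheme (C-style backslash escapes inside double quotes);
# it is a choice made for this example, not documented Splunk behaviour.
_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}
_UNESCAPES = {"n": "\n", "r": "\r", "t": "\t"}
_BARE = re.compile(r"[A-Za-z0-9_.:/@-]+\Z")
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def encode_value(value):
    """Return value as a bare token, or quoted with problem characters escaped."""
    text = str(value)
    if _BARE.match(text):
        return text
    return '"' + "".join(_ESCAPES.get(ch, ch) for ch in text) + '"'


def format_event(fields, when=None):
    """Build one 'timestamp key=value ...' line; raw newlines never appear in it."""
    when = when or datetime.now(timezone.utc)
    pairs = " ".join(f"{key}={encode_value(val)}" for key, val in fields.items())
    return f"{when.isoformat()} {pairs}"


def parse_event(line):
    """Inverse of format_event: return (timestamp, {key: original value})."""
    stamp, _, rest = line.partition(" ")
    fields = {}
    for m in _PAIR.finditer(rest):
        if m.group(2) is not None:  # quoted value: undo the escapes
            fields[m.group(1)] = re.sub(
                r"\\(.)", lambda e: _UNESCAPES.get(e.group(1), e.group(1)), m.group(2))
        else:  # bare token: stored as written
            fields[m.group(1)] = m.group(3)
    return stamp, fields


if __name__ == "__main__":
    try:
        1 / 0
    except ZeroDivisionError:
        tb = traceback.format_exc()  # constructed sample traceback
    # Constructed sample POST value with a newline, quotes and non-ASCII text.
    event = {"level": "ERROR", "comment": 'first line\nsecond "line" \u00e9', "exc": tb}
    line = format_event(event)
    print(line)
    assert parse_event(line)[1] == event
```

Because every newline in a value is escaped, a submitted form field that contains a line break followed by text shaped like another log entry remains part of that one value instead of starting a new event.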