You could write a simple python modular input, that allows users to open up any UDP port, captures the UDP datagram , programmatically decodes the binary data into some textual format, transforms this into events in a best practice logging semantic, and writes these events out to Splunk over STDOUT.
Splunk can not consume binary data, you have to convert it to a splunk readable format before forwarding it to splunk. are you trying to forward netflows to splunk?
Try out IPFIXify
http://www.plixer.com/Products/ipfixify.html
I am trying to forward ipfix to splunk
You could write a simple python modular input, that allows users to open up any UDP port, captures the UDP datagram , programmatically decodes the binary data into some textual format, transforms this into events in a best practice logging semantic, and writes these events out to Splunk over STDOUT.
Exactly 🙂
So you mean that I create a UDP listener by myself, Not use the splunkd to listen the UDP
You missed the point.
You program your own Modular Input listening on it's own UDP port.Think of it like a Splunk UDP proxy. So it can capture and preprocess any type of data(ie: raw bninary) into an appropriate format for Splunk because you are programming it.
Can it capture the RAW binary data? Splunk seems automatically ignore the binary data.
Splunk will consume any Human-Readable text, so Binary data is not going to work. You will most likely want to capture that data via UDP and write it to disk in ASCII, and then have Splunk consume the text.
Did this help you?