Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

transformation of the logs

Jananee_iNautix
Path Finder
‎11-28-2013 03:33 AM

Hi,
I was given logs of certain format and now i want to output the logs in different format.Below is the sample logs given
2013/11/22 00:03:21 [therws] User activity containing filename abc.txt
2013/11/22 00:03:21 [tergs] User activity containing filename cde.csv

I should extract fields from the above logs and output them in splunk following format as events.

Fri November 22 00:03:21 2013 threws abc.txt a

a is for ascii
b is for binary

Can this be done in splunk?The transformation of logs should take place not at search time.

Tags (1)
0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎11-28-2013 09:15 AM

At search time or at index time ?

At search time, you can extract all your fields, with rex and use a simple eval to create the needed field.
And when you export, use another eval to format/concatenate your events with all the fields, in the order you want

see the pseudo search code.
<mysearch> | eval a=if(condition, "ascii","binary") | eval _raw=dayofweek."|".month."|".day."|".time_of_day."|".year."|".filename."|".a."|".User_activity

Please provide your props and transforms to understand what was done.

0 Karma
Reply

Jananee_iNautix
Path Finder
‎11-28-2013 10:14 PM

In props.conf i created a new sourcetype involving transformation part in it.
In transform.conf I didn give the regex pattern yet waiting for your answer to give a try.

0 Karma
Reply

Jananee_iNautix
Path Finder
‎11-28-2013 10:12 PM

I want at index time.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...