How to view the entire syslog or kiosk log file?

ginger8990 · ‎10-03-2014

I am new to splunk. We found some challenging issue with splunk.
we imported some logs as files and directories data input but I didn't see the option to see the whole log . This log is either syslog or kiosk log ==text file.

Can I see the whole log by just double click the log link?

jrodman · ‎10-04-2014

There is no guarantee of being able to see the whole original logfile in splunk.

The value of splunk is that you don't have to think about the event stream in terms of "a set of files" anymore, because the events occurring don't really care what file syslog put them in.

If you have rolling logs where each day (or hour, etc) you have a current file that is named my_file.log, then all the events that are written do this file will show up as source=my_file.log, for each copy of the file day after day, so there is no easy way to pull the events that were in a specific copy of that file.

Also, people may perform data modification or filtering on its way into splunk through the TRANSFORMS mechanism or other approaches.

That said, if you want to see the data you have from the file, you can simply run a search on

source=/path/to/your/filename.log

or more typically

source=/path/to/your/filename.log host=a_hostname

to ensure you're looking at the data from one system, instead of possibly events from many systems.

ginger8990 · ‎10-05-2014

Thanks for the reply. Where to start these commands? At GUI interface or command prompt?

I installed splunk on Windows with GUI interface.

How to view the entire syslog or kiosk log file?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!