CSV syslogs

phoenixt · ‎08-16-2012

I would like to know if and where my syslog files are kept. Are they in CSV format? I would like to be able to use them with other applications also if need be.

sdaniels · ‎08-16-2012

If you'd like to use that data with other applications you can forward data onto other systems or you can use our API to extract the data. See links below. You could perform searches and export data to CSV if you want to do it manually for some reason as well.

http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddatatothird-partysystemsd

http://dev.splunk.com/view/sdks/SP-CAAADP7

MHibbin · ‎08-16-2012

Syslog file for... what? ... What Application/Appliance/Server/System/etc?

Usually when talking about syslog, people normally mean logs that transmitted over UDP 514 (by default), so if you are transmitting these logs already, then you need to set Splunk up to monitor that port (via the manager).

If you mean system logs, the location can vary, for example Linux store logs in the /var/log/ directory, applications may vary.

Chances they will be in clear text (human readable) format as the purpose of logs is to be read by a techie for troubleshooting (etc.)

---OR---

Another way of reading this is that you have Splunk'd your syslog files and are looking for them in Splunk... perhaps try "sourcetype=syslog" in the flashtimeline. You can output data in CSV format once you have found events yes.

Can you clarify what you mean/trying to do please? - it may be me being a bit "thick" (if it is I apologise).

Cheers,

MHibbin

CSV syslogs

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms