Getting Data In

How to input an excel file from an email automatically

Alaza
Explorer

Hello,

everyday I have an email with an Excell file attached.
To input the data in Splunk, I have to save the file, convert the file in csv then add it to Splunk.
Is it possible to do this action automatically ?

0 Karma

niketn
Legend

@Alaza, I am not 100% sure but Protocol Data Input should be able to handle Excel file for input to Splunk. However, as Rich mentioned it might require you to create your own Custom Data Handler.

https://splunkbase.splunk.com/app/1901/

@Damien Dallimore , Can you confirm?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Damien_Dallimor
Ultra Champion

Correct.
xls files are a binary format , so you'd need to decode this in a custom data handler to a textual format.
Plenty of code librarys exist to do the decoding for you that you could reuse in your custom data handler.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Splunk does not automatically handle Excel files. However, you may be able to write a scripted or modular input that reads the mail, detaches the file, converts it to CSV, and indexes it.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Alaza
Explorer

That's the script I need, that's why I asked my question 🙂

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your question asked if it was possible and it is, but with some effort on your part.
Getting someone to do the work for you is something else. Check splunkbase to see if it's been done already (I'm pretty sure it hasn't). Otherwise, you'll have to persuade someone to write a script for you.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Alaza
Explorer

I do not have the knowledge to do this script, that's why I need some help.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

There are probably some apps on splunkbase to help you read email. The trickiest part will be finding a way to convert the Excel file into CSV, but there may be python libraries that do that. As always, Google is your friend.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...