Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is Splunk unable to index a converted text file?

Abilan1
Path Finder
‎10-29-2015 11:54 PM

Hi ,

I have saved the outlook file as a text fie and placed that file into a Splunk monitoring folder. Splunk is just indexing only the 1st line of that text file and for some other converted text files, it is not even indexing a single line. I would like to know if Splunk supports these kind of files or any other way to do this?

Thanks!

Tags (3)
0 Karma
Reply

Runals
Motivator
‎10-30-2015 04:57 AM

I'd look in the internal logs (index=_internal) to see if you can get info from it. Might have to look for things like directory path elements, file name, etc.

0 Karma
Reply

asimagu
Builder
‎10-30-2015 03:50 AM

Open it with Notepad++ for example and check that the encoding is UTF-8

0 Karma
Reply

Abilan1
Path Finder
‎11-02-2015 03:41 AM

Hi,

I have checked the file type, it is UTF-8 encoding. Splunk is indexing only 1st line of that file.

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...