Splunk parsing issue

Hi everyone,

I'm new to the splunk technology, so there have been a few things that I'm stuck with. I have a log format with a field that includes a binary number, so either a single 0 or 1 digit. I'm trying to extract a new field to name this field accordingly, but splunk is having a hard time parsing and identifying this field correctly. I provide a few examples but it only recognizes the zeros in the date field... anyone know what I could do to get it to identify this specific field? Thank you!!

asked 19 Jun '12, 14:35

monicato
168●1●8
accept rate: 0%

One Answer:

oldest newest most voted

0	Is it possible to convert those binary bits to ascii before Splunk indexes it? If so, that would be the route I would go. link answered 19 Jun '12, 19:39 Lamar 439●2●4 accept rate: 25%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

problem ×44
parse ×18
binary ×16

Asked: 19 Jun '12, 14:35

Seen: 465 times

Last updated: 19 Jun '12, 19:39

Splunk parsing issue

Follow this question

Splunk Resources

Related questions