Typically, we have been successful at getting the Splunk forwarder to index log files from the remote instance onto an indexer in this manner:
However, we are looking to index two OTHER file types, for which this skeleton does not work:
i) Logging .out files:
ii) Logging .json files:
I have a daily-rolled-over logfile by the name of run-data.json that I need to index.
However, since it is in a JSON format, I need to figure out a strategy (convert it to XML or string) first and then push the data in there onto a forwarder.
Needless to say, the JSON data does not currently have any timestamps in it, which by itself presents a big issue.
Any pointers?
asked 11 Jul '12, 14:03