Unpacking and Uploading certain files from an archive automatically/scripted

ValentinM
Engager

What is the best way to get data into Splunk from a zip file (files in different subfolders of the zip) in an automated way?

 

I need to upload certain .txt files from an archive (debug bundle) into my Splunk deployment. The archive gets downloaded on clients that have access to the Splunk deployment, and I need a way to automate this process, instead of unpacking the whole archive and then selecting the files I need one by one and uploading them.

 

Any help appreciated.

0 Karma

venkatasri
SplunkTrust

Hi @ValentinM 

Splunk does the unpacking automatically; configure the monitor pointing to your .zip file in inputs.conf on the host where the files exist. You should have a UF/HF or standalone Splunk on the host.

This link helps to configure sub-directories - Monitor files and directories with inputs.conf - Splunk Documentation

---------------------------

An upvote would be appreciated if it helps!

0 Karma

ValentinM
Engager

The thing is, the .zip file contains multiple hundred files, of which I only need about 10 to analyse in my Splunk deployment. Also, sometimes it's necessary to download multiple of these .zip files (each zip is a debug bundle of a client PC), and there are multiple users who might download + upload these to Splunk, so if possible I don't want to install a forwarder on each host.

 

The overall process should be somewhat like this: an authorized Splunk user downloads the .zip files he wants to analyse manually, so let's say now he has 4 .zip files on his local machine. Now I need a way in Splunk to unpack the files that I want (about 10 out of the 300+ in the .zip), add 1-2 custom fields at index time to them, and upload them in an automated way.

0 Karma
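
One way to script the workflow described in the post above without a forwarder on each host, as an added example that is not from the thread: pick only the wanted members out of each bundle and send their lines to Splunk's HTTP Event Collector (HEC) with custom indexed fields. It assumes HEC is enabled and the user has a token; the member patterns, sourcetype, field names and sample bundle are constructed for illustration.

```python
import fnmatch, io, json, urllib.request, zipfile

WANTED = ["*/logs/agent*.txt", "*/sysinfo.txt"]  # hypothetical member patterns
MAX_MEMBER_BYTES = 50 * 1024 * 1024              # skip oversized members

def select_events(bundle, bundle_name, patterns=WANTED, extra_fields=None):
    """Return HEC event dicts for the lines of wanted members only.
    Members are read in memory and never extracted to disk, so a hostile
    member name such as ../../x cannot write outside a working folder.
    """
    events = []
    with zipfile.ZipFile(bundle) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            if not any(fnmatch.fnmatchcase(info.filename, p) for p in patterns):
                continue
            with zf.open(info) as fh:
                for raw in fh:
                    line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
                    if line:
                        events.append({
                            "event": line,
                            "source": f"{bundle_name}:{info.filename}",
                            "sourcetype": "debug_bundle",  # assumed name
                            # HEC stores "fields" as indexed (index-time) fields
                            "fields": {"bundle": bundle_name, **(extra_fields or {})},
                        })
    return events

def send_to_hec(events, url, token):
    """POST a batch to HEC; url ends in /services/collector/event."""
    body = "".join(json.dumps(e) for e in events).encode()
    req = urllib.request.Request(url, data=body, headers={"Authorization": f"Splunk {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

def make_sample_bundle():
    """Constructed in-memory zip standing in for a downloaded debug bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pc01/logs/agent.txt", "start\nerror 42\n")
        zf.writestr("pc01/sysinfo.txt", "os=win11\n")
        zf.writestr("pc01/logs/other.txt", "noise\n")
    return buf

if __name__ == "__main__":
    evts = select_events(make_sample_bundle(), "pc01.zip", extra_fields={"ticket": "T-1"})
    print(len(evts), "events ready for HEC")
```

Pass a real bundle path instead of `make_sample_bundle()` and call `send_to_hec` once per bundle; debug bundles come from client machines, so the size cap and in-memory reads keep a malformed archive from touching the analyst's disk.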