What settings are required to import Shift JIS log files with Splunk?
To import log files in Shift JIS format, you must first create a configuration file that specifies the encoding type.
- First, decide the "source type" that you plan to set for the log file to be imported. For example, for a web application, use "webapp".
- Create a "props.conf" file in the "system\local" folder under the Splunk installation folder, and enter the following:

[webapp]
CHARSET=SHIFT-JIS

* This setting means that when a file whose source type is webapp is read, it is explicitly converted from SHIFT-JIS to UTF-8, which is used for internal processing. Similarly, for EUC-JP log files, set CHARSET=EUC-JP.
- After entering the settings in props.conf, restart Splunk or run the search command "| extract reload=t" to apply them.
* When props.conf is edited directly, running "| extract reload=t" as a search causes the configuration file to be re-read and applied.
- When specifying the log file under data input on the Splunk management screen, select [Manual] in "Source type set", and in "Source type" enter the source type specified in props.conf above. For this example, enter "webapp".
Note that garbled characters in events that were imported without the above settings will not be fixed by this change. You need to import those events again.
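The following added example (not Macnica or Splunk code) checks which of the CHARSET values named above decode a sample file cleanly before you onboard it, and shows why events stored without the setting cannot be repaired afterwards. The log line is constructed, the mapping from CHARSET values to Python codec names is an assumption, and replacement decoding is used only as a model of an import that assumes UTF-8.

```python
# Added example: constructed data, not Splunk code.
# CHARSET values from this page mapped to Python codec names
# (the mapping is an assumption of this example).
CHARSETS = [("UTF-8", "utf-8"), ("SHIFT-JIS", "shift_jis"), ("EUC-JP", "euc_jp")]

# Constructed sample log line ("ログイン失敗" means "login failed").
TEXT = "2024-01-15 09:12:03 user=tanaka action=ログイン失敗 src=192.0.2.10"
SJIS_LINE = TEXT.encode("shift_jis")  # bytes as a Shift JIS log file stores them
EUC_LINE = TEXT.encode("euc_jp")      # the same line as an EUC-JP file stores it


def strict_candidates(raw: bytes) -> list[str]:
    """Return the CHARSET values whose codec decodes every byte without error."""
    ok = []
    for charset_value, codec in CHARSETS:
        try:
            raw.decode(codec, errors="strict")
        except UnicodeDecodeError:
            continue
        ok.append(charset_value)
    return ok


def decode_assuming_utf8(raw: bytes) -> str:
    """Model an import with no CHARSET set: undecodable bytes become U+FFFD."""
    return raw.decode("utf-8", errors="replace")


def is_recoverable(raw: bytes, stored: str) -> bool:
    """True only if the original bytes can be rebuilt from the stored text."""
    return stored.encode("utf-8") == raw


if __name__ == "__main__":
    for label, raw in (("shift_jis file", SJIS_LINE), ("euc_jp file", EUC_LINE)):
        stored = decode_assuming_utf8(raw)
        print(label)
        print("  CHARSET candidates:", strict_candidates(raw))
        print("  stored without CHARSET:", repr(stored))
        print("  original recoverable:", is_recoverable(raw, stored))
    print("with the right codec:", SJIS_LINE.decode("shift_jis"))
```

Run it against a few hundred bytes read from the real log file (opened in binary mode) instead of the constructed line. A file that is pure ASCII will match more than one candidate and needs a sample containing Japanese text to decide.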
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Mon-Fri 8:45-17:30