topic Re: What sourcetype should I use to index my mongo logs? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185404#M37121 <P>I think abrie.strauss is trying to solve the same problem that I am. I am trying to index mongodb.log files rather than analyze the data stored in Mongo itself. I don't think Hunk does that. Ideally, I'd like to say "splunk add monitor -source mongodb.log -sourcetype mongo" and Splunk would properly parse and present Mongo's log data. If Splunk doesn't have a sourcetype for Mongo logs, surely someone else has made one by now, no?</P> Thu, 28 Aug 2014 01:58:16 GMT pcrook 2014-08-28T01:58:16Z What sourcetype should I use to index my mongo logs? https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185402#M37119 <P>We currently have a mongodb cluster who's logs I would like to index to splunk, but there appears to be no sourcetype for mongo logs, what can be done to index the fields in a way that splunk registers the values at time of index? </P> Mon, 18 Aug 2014 13:53:19 GMT https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185402#M37119 abrie_strauss 2014-08-18T13:53:19Z Re: What sourcetype should I use to index my mongo logs? https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185403#M37120 <P>Hi abrie.strauss,</P> <P>take a look at this app <A href="http://apps.splunk.com/app/1810/">Hunk App for MongoDB</A>, maybe this can help.</P> <P>cheers, MuS</P> Tue, 19 Aug 2014 08:01:12 GMT https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185403#M37120 MuS 2014-08-19T08:01:12Z Re: What sourcetype should I use to index my mongo logs? https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185404#M37121 <P>I think abrie.strauss is trying to solve the same problem that I am. I am trying to index mongodb.log files rather than analyze the data stored in Mongo itself. I don't think Hunk does that. Ideally, I'd like to say "splunk add monitor -source mongodb.log -sourcetype mongo" and Splunk would properly parse and present Mongo's log data. If Splunk doesn't have a sourcetype for Mongo logs, surely someone else has made one by now, no?</P> Thu, 28 Aug 2014 01:58:16 GMT https://community.splunk.com/t5/Getting-Data-In/What-sourcetype-should-I-use-to-index-my-mongo-logs/m-p/185404#M37121 pcrook 2014-08-28T01:58:16Z