https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48088#M9099 <P>Thanks yannk.yes sourcetypes applied to the correct files.Timestamp is same.But as u said events are merged together.what is the issue and how to resolve it.</P> <P>I have reindexed that file many times by changing the sourcetypes alone.But no change iam getting events in same way getting like b4.</P> Fri, 11 May 2012 04:22:56 GMT john 2012-05-11T04:22:56Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48086#M9097 <P>hi,</P> <P>Logs is the foldername which I am having two types of files which having same format of data.Since splunk not breaking lines on date I am using line breaking and its not working since its working fine in priview b4 indexing here is my props.cofig and input.cofig<BR /> this is the content of file iam working on.</P> <PRE><CODE>18 Apr........... &lt;xml........&gt; &lt;.......&gt; 18 Apr.......... ......... ........... </CODE></PRE> <P>Input.confg </P> <PRE><CODE>[monitor://C:\newlogs\Logs\kllogs] disabled = false followTail = 0 crcSalt = &lt;SOURCE&gt; </CODE></PRE> <P>Props</P> <PRE><CODE>[source::C:\\newlogs\\Logs\\*\\Server.log.*] sourcetype=server [server] SHOULD_LINEMERGE=true BREAK_ONLY_BEFORE_DATE=false BREAK_ONLY_BEFORE=\d\d\s\w+\s MAX_EVENTS=200000 [source::C:\\newlogs\\Logs\\*\\Database.log.*] sourcetype=data [data] SHOULD_LINEMERGE=true BREAK_ONLY_BEFORE_DATE=false BREAK_ONLY_BEFORE=\d\d\s\w+\s MAX_EVENTS=200000 </CODE></PRE> <P>I have set soucetype as automatic while indexing files.Iam not able to find out what is the issue.Please help..</P> Thu, 10 May 2012 12:32:38 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48086#M9097 john 2012-05-10T12:32:38Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48087#M9098 <P>Few questions :</P> <UL> <LI>First, once indexes, are the sourcetypes data and server applied to the correct files ?</LI> <LI>Then if you search on a sample of the log on all time, do you find the event, are they merged together, or with a wrong timestamp ?</LI> </UL> Thu, 10 May 2012 13:58:23 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48087#M9098 yannK 2012-05-10T13:58:23Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48088#M9099 <P>Thanks yannk.yes sourcetypes applied to the correct files.Timestamp is same.But as u said events are merged together.what is the issue and how to resolve it.</P> <P>I have reindexed that file many times by changing the sourcetypes alone.But no change iam getting events in same way getting like b4.</P> Fri, 11 May 2012 04:22:56 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48088#M9099 john 2012-05-11T04:22:56Z https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48089#M9100 <P>When i have indexed the files seperately in splunk then sourcetype is working.But for both files the automatic source type is not working splunk is taking some default source type not the source type that i have given like data and server.</P> Wed, 23 May 2012 13:07:07 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-create-sourcetype-for-different-type-of-files-in-a-same/m-p/48089#M9100 john 2012-05-23T13:07:07Z