All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Easy way to add access_combined to the Web Data Model

sloshburch
Splunk Employee
Splunk Employee
‎08-25-2016 01:35 PM

This question is not just asking about how to generally add data to a CIM (http://docs.splunk.com/Documentation/CIM/latest/User/UsetheCIMtonormalizedataatsearchtime)

Many apps come with sourcetypes predefined and ready to go with eventtypes and tags so they work with Common Information Model Data Models immediately (AWS TA for example). I'm not seeing anything like that for access_combined. Am I missing something obvious here? If there exists a definition of the eventtype, tags, field aliases, etc.. then I'd love to use that instead of building it on my own.

Reply
1 Solution
Solved! Jump to solution
Solution

gfuente
Motivator
‎08-26-2016 05:36 AM

Have you checked this addon?

https://splunkbase.splunk.com/app/3186/#/overview

You may just need to change the sourcetype to apache:access

Reagrds

View solution in original post

Reply
Solved! Jump to solution

aivarson_splunk
Splunk Employee
Splunk Employee
‎01-10-2017 08:15 AM

Just created an add-on for this in case you don't want to change your sourcetype from the out of the box access_combined: https://splunkbase.splunk.com/app/3434/

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎01-11-2017 05:18 AM

I'll check it out. Assuming it works I'll probably switch the accepted answer to this one.

0 Karma
Reply
Solved! Jump to solution
Solution

gfuente
Motivator
‎08-26-2016 05:36 AM

Have you checked this addon?

https://splunkbase.splunk.com/app/3186/#/overview

You may just need to change the sourcetype to apache:access

Reagrds

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎08-26-2016 12:11 PM

Seems very restrictive according to http://docs.splunk.com/Documentation/AddOns/released/ApacheWebServer/Configure. Am I missing something? I also posted here: https://answers.splunk.com/answers/445097/splunk-add-on-for-apache-web-server-too-restrictiv.html

0 Karma
Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎08-26-2016 07:56 AM

Thanks. I'm also reaching out to the docs team to ask them to reference https://splunkbase.splunk.com/apps/#/page/1/search/CIM-compatible/order/relevance/supported/splunk if not done already. I think it's good to highlight those options.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top