All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

sourcetype extraction issues

chrisgangl
New Member
‎04-21-2020 08:28 PM

I'm using the TA pfsense app and I am trying to fix some sourcetype extraction issues. The current app is supposed to use a transform to extract the sourcetype. Most logs have prepended time stamp, but nginx does not. There is a regex that uses a non-capture group to grab the timestamp in most logs and then select the log type for source. I edited this and added an or statement to get the nginx logs, but it does seem to work. So I then created a second transform for sourcetype to get the nginx logs, but that is not working either. What is the proper way to parse the same log stream multiple time inline with a regex and use a transform to label both logs with their proper sourcetypes. I can't see to find a good method for this in the docs. Thanks.

0 Karma
Reply

pkt_nspktr
Explorer
‎07-02-2020 07:29 AM

@chrisgangl, I had similar issues and found a solution that worked for me; see my post https://community.splunk.com/t5/All-Apps-and-Add-ons/TA-pfsense-transforms-conf-pfsense-sourcetyper-....

If that doesn't help, I'm willing to share what little knowledge I've gained beating my head against the desk trying to get this to work for me!

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...