Web Intelligence setup sourcetypes

New Member

It turns out that all the "definitions" required for web intelligence to work are not available and have to create them manually.

I do wonder about this...
Is it access_common/access_combined or access-common/access-combined ??

0 Karma

Splunk Employee
Splunk Employee

The most common sourcetypes are:

  • sourcetype=access_common (for Apache access logs)
  • sourcetype=access_combined (for Apache access logs)
  • sourcetype=iis* (for Microsoft IIS logs)