Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Pre-canned Linux source types under /var/log

klopez30
Explorer
‎04-05-2018 06:37 AM

Is there any documentation about which files are covered by the pre-canned source types for linux? Specifically, there are two that are fairly similar, linux_messages_syslog: italic*Format found within the Linux log file /var/log/messages*italic and linux_secure: italic*Format for the /var/log/secure file containing all security related messages on a Linux machine*italic.

It's a production machine that I don't have access to, so I can't just guess and check.

Thanks

0 Karma
Reply

p_gurav
Champion
‎04-05-2018 06:40 AM

This doc may help you :
http://docs.splunk.com/Documentation/Splunk/7.0.3/Data/Listofpretrainedsourcetypes

0 Karma
Reply

klopez30
Explorer
‎04-05-2018 06:43 AM

That doesn't map the files to the the sourcetype. It gives an example of one log for that sourcetype.

0 Karma
Reply
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...