Pre-canned Linux source types under /var/log

klopez30
Explorer

Is there any documentation about which files are covered by the pre-canned source types for Linux? Specifically, there are two that are fairly similar, linux_messages_syslog: *Format found within the Linux log file /var/log/messages* and linux_secure: *Format for the /var/log/secure file containing all security related messages on a Linux machine*.

It's a production machine that I don't have access to, so I can't just guess and check.

Thanks

p_gurav
Champion

klopez30
Explorer

That doesn't map the files to the sourcetype. It gives an example of one log for that sourcetype.
