Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

single logfile in local splunk server how to apply a multiple source type in splunk?

zippyopsadmin
New Member
‎09-30-2019 10:52 PM

my local splunk master having a ossim_alarms.log file my requirement is that file to apply a multiple souretype

0 Karma
Reply

gcusello
Esteemed Legend
‎10-01-2019 06:52 AM

Hi zippyopsadmin,
what do you mean with multiple sourcetype?
if you want to assign to an event a sourcetype based on a part of the source or a regex from the log, it's possible to override a sourcetype following the instructions at https://docs.splunk.com/Documentation/Splunk/latest/Data/Advancedsourcetypeoverrides .
But put much attention to this idea because in Splunk every thing (fields, eventypes, etc...) is related to sourcetype, this means that in this case you have more work to do!

Why do you want to assign many sourcetypes to the same log?

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...