Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype?

paimonsoror
Builder
‎01-24-2017 10:22 AM

Wasn't able to find a solid answer on this one, but I am using Splunk 6.x, and was wondering if I could have a sourcetype, that essentially "inherits" another sourcetype. For example

[monitor:///var/log/httpd/access.log]
index = app_cp
sourcetype = cp:httpd:access
#souretype = access_combined
ignoreOlderThan = 1d

Ideally I would like the team to be able to leverage a sourcetype called cp:httpd:access so that they only get the access logs that pertain to their particular logs files, but i also want it to inherit the extractions defined by access_combined.

So essentially, can cp:httpd:access inherit from access_combined?

Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎01-24-2017 10:44 AM

Yes; you can rename a sourcetype:

https://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Renamesourcetypes

This is a search-time configuration and can have app-scope. Also, within the effected scope, the old/original/REAL sourcetype name can be accessed under the field name _sourcetype.

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎01-24-2017 10:44 AM

Yes; you can rename a sourcetype:

https://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Renamesourcetypes

This is a search-time configuration and can have app-scope. Also, within the effected scope, the old/original/REAL sourcetype name can be accessed under the field name _sourcetype.

Reply
Solved! Jump to solution

paimonsoror
Builder
‎01-24-2017 11:14 AM

YOU ROCK!!

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...