I would like to find a detailed tutorial on how to create a Splunk app to parse syslogs, with pre-defined field names, not the automatic key/value that Splunk is able to detect.
I have syslogs with different log types, I wonder if there is some documentation/tutorial on this. Can anyone point me in the right direction? I am new to Splunk. Thanks.
To do this you have the following items:
All these configurations will be in props.conf and transforms.conf files that you can put in one or more Technical Add-Ons (TAs).
You can find documentation about this in:
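As an added example (not part of the original answer or of any Splunk-provided add-on), here is a minimal props.conf and transforms.conf pair of the kind the answer refers to: search-time extractions that assign fixed field names to syslog lines instead of relying on automatic key/value detection. The sourcetype `acme:syslog`, the TA name `TA-acme-syslog`, the transform stanza names and the sample log line are all constructed for this illustration; the configuration keys themselves (`KV_MODE`, `REPORT-*`, `REGEX`, `TIME_PREFIX`, etc.) are standard Splunk settings.

```ini
# ---- $SPLUNK_HOME/etc/apps/TA-acme-syslog/local/props.conf ----
# Hypothetical sourcetype; assign it to the syslog input (inputs.conf) or to the
# receiving port. Every setting below is keyed on this sourcetype.
[acme:syslog]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Classic BSD syslog timestamp at the start of each line, e.g. "Mar  7 10:15:42"
TIME_PREFIX = ^
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 16
# Disable automatic key=value extraction: only the fields named below are created.
KV_MODE = none
# Search-time extractions. Each REPORT-<class> references a transforms.conf stanza;
# classes are applied in ASCII order of <class>, and both run against _raw here
# so neither depends on the other.
REPORT-syslog_header = acme_syslog_header
REPORT-syslog_sshd_auth = acme_sshd_auth

# ---- $SPLUNK_HOME/etc/apps/TA-acme-syslog/local/transforms.conf ----
# Common syslog envelope. Named capture groups (?<name>...) become field names,
# so no FORMAT line is needed.
# Constructed sample line this matches:
#   Mar  7 10:15:42 bastion01 sshd[4321]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
# yields host=bastion01 process=sshd pid=4321 message=Failed password for ...
[acme_syslog_header]
REGEX = ^\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?<host>\S+)\s(?<process>[^\[:\s]+)(?:\[(?<pid>\d+)\])?:\s(?<message>.*)$

# One log type among several on the same sourcetype: sshd authentication results.
# The regex anchors on the "sshd[...]:" process tag so it only fires for that
# log type; other lines on the sourcetype simply get no sshd_* fields.
# On the sample line above: action=Failed auth_method=password user=admin
# src_ip=203.0.113.5 src_port=4422
[acme_sshd_auth]
REGEX = \ssshd(?:\[\d+\])?:\s(?<action>Accepted|Failed)\s(?<auth_method>\w+)\sfor\s(?:invalid user\s)?(?<user>\S+)\sfrom\s(?<src_ip>\d{1,3}(?:\.\d{1,3}){3})\sport\s(?<src_port>\d+)
```

Add one `[stanza]` per log type in transforms.conf and one matching `REPORT-*` line in props.conf; because `KV_MODE = none` is set, the field set you see in search is exactly the set of named groups you defined, which is what makes the names predictable for dashboards and detections. After editing, `splunk btool props list acme:syslog --debug` shows which file each setting was finally read from, and a search like `sourcetype=acme:syslog action=Failed | stats count by src_ip, user` confirms the extractions fire.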
Thanks Giuseppe. The documentation sometimes is hard to digest for newbies but I will try to go through it.
Try to get the documentation of the Admin Training, or (better) follow this training.
It's also useful to follow the Sales Engineers I and II Training Courses, where log ingestion is described.
Ciao and happy splunking.