Solved: Re: Is it possible to customize the automatic sour...

dpadams · ‎01-06-2011

I've got Splunk configured to assign some custom sourcetypes to files when they're uploaded automatically from a watch directory. Some users would prefer to upload files by hand using the Splunk GUI and I want to make sure that they assign the correct sourcetype. They can do so by selecting "manual" for the sourcetype and then typing in the correct value. Unfortunately, this makes it easy to make a mistake.

Is it possible to customize the list of sourcetypes in the 'automatic' list shown in the Splunk Web GUI? I've googled a bit and looked around in the manuals but didn't follow if this is possible or not.

Thanks for any help.

sideview · ‎01-06-2011

Here's another question/answer that I think has the answer you're looking for:

http://answers.splunk.com/questions/7634/how-do-you-add-sourcetypes-to-the-pre-defined-sourcetypes

View solution in original post

sideview · ‎01-06-2011

Here's another question/answer that I think has the answer you're looking for:

http://answers.splunk.com/questions/7634/how-do-you-add-sourcetypes-to-the-pre-defined-sourcetypes

sideview · ‎01-06-2011

Excellent. glad i could help.

dpadams · ‎01-06-2011

Thanks very much, that's as easy as I'd hoped. Apologies for not finding this in the documentation myself. I'd already customized props.conf to understand the sourcetype, but didn't now about the [yoursourcetypehere] stanza.

Is it possible to customize the automatic sourcetype list in the Files & Directories interface?

Index This | Divide 100 by half. What do you get?

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Splunk and Fraud