Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a list that contains all the possible values for "eai:type" field in the REST endpoint: services/data/inputs/all

anton085
Path Finder
‎07-28-2017 01:59 PM

Hi,

When I go to :8089/services/data/inputs/all I get a list of all the inputs Splunk is listening to. In each input there is a field called eai:type. Is there a list that contains all the possible values eai:type can have? So far I have seen monitor and WinEventLog.

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-29-2017 11:23 AM

Those are not sourctypes but they are input types that are related to sourcetypes. Sourcetypes can be anything (almost). This is the closest thing that exists to a master list of sourcetypes:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Listofpretrainedsourcetypes

The master list of inputs, more or less, can be found here: $SPLUNK_HOME/etc/system/README/inputs.conf.spec

But keep in mind, that adding apps can cause more inputs to be available (e.g. the ServiceNow stuff will add a "snow" input type).
So try this:

find $SPLUNK_HOME -name inputs.conf.spec

Read up on it all.

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-29-2017 11:23 AM

Those are not sourctypes but they are input types that are related to sourcetypes. Sourcetypes can be anything (almost). This is the closest thing that exists to a master list of sourcetypes:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Listofpretrainedsourcetypes

The master list of inputs, more or less, can be found here: $SPLUNK_HOME/etc/system/README/inputs.conf.spec

But keep in mind, that adding apps can cause more inputs to be available (e.g. the ServiceNow stuff will add a "snow" input type).
So try this:

find $SPLUNK_HOME -name inputs.conf.spec

Read up on it all.

Reply
Solved! Jump to solution

nmclaughl1
Explorer
‎06-05-2019 02:09 PM

Regarding TA's that created Input types, like Splunk TA for AWS...
...and when installed to a SplunkCloud instance, I see a different count between the UI (10 - enabled) and | rest /services/data/inputs/all (7)

Is that a ticket to splunkCloud Ops or is there something you're aware of that "hides" some inputs from the rest api?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎07-28-2017 03:30 PM

Those look like sourcetypes. If so, it could be anything an admin defines.

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...