Getting Data In

Multiple source types to a single listner

shrirangphadke
Path Finder

Hi,

Sorry if repeated question.

Can we add multiple source-types to an existing listener?
OR Can we create a listener with multiple source-types but single index.

0 Karma
1 Solution

skoelpin
SplunkTrust
SplunkTrust

You can do both. You can have multiple source-types forwarding to the same index. You define what index they go on the server with the forwarder $Splunk_Home/etc/system/local inputs.conf

[sourcetype1]
index = indexName

[sourcetype2]
index = indexName2

If you don't specify an index in your inputs.conf then it will default to index=main

View solution in original post

skoelpin
SplunkTrust
SplunkTrust

You can do both. You can have multiple source-types forwarding to the same index. You define what index they go on the server with the forwarder $Splunk_Home/etc/system/local inputs.conf

[sourcetype1]
index = indexName

[sourcetype2]
index = indexName2

If you don't specify an index in your inputs.conf then it will default to index=main

shrirangphadke
Path Finder

Thank you very much! btw, is it possible on a system without forwarder ?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Glad I could help!

Can you clarify your question? You need a Splunk forwarder (usually a universal-forwarder) to forward data to your splunk indexer which makes it available in the GUI. The universal forwarders are light weight and use little resources on a server

So if you don't have a forwarder on a server then it will not make it into Splunk, unless you directly upload it..

0 Karma

woodcock
Esteemed Legend

If by listener you mean forwarder, then yes to both. This is all configured inside inputs.conf so read all about it here:

http://docs.splunk.com/Documentation/Splunk/latest/admin/inputsconf

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...