Getting Data In

Multiple source types to a single listner

shrirangphadke
Path Finder

Hi,

Sorry if repeated question.

Can we add multiple source-types to an existing listener?
OR Can we create a listener with multiple source-types but single index.

0 Karma
1 Solution

skoelpin
SplunkTrust
SplunkTrust

You can do both. You can have multiple source-types forwarding to the same index. You define what index they go on the server with the forwarder $Splunk_Home/etc/system/local inputs.conf

[sourcetype1]
index = indexName

[sourcetype2]
index = indexName2

If you don't specify an index in your inputs.conf then it will default to index=main

View solution in original post

skoelpin
SplunkTrust
SplunkTrust

You can do both. You can have multiple source-types forwarding to the same index. You define what index they go on the server with the forwarder $Splunk_Home/etc/system/local inputs.conf

[sourcetype1]
index = indexName

[sourcetype2]
index = indexName2

If you don't specify an index in your inputs.conf then it will default to index=main

shrirangphadke
Path Finder

Thank you very much! btw, is it possible on a system without forwarder ?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Glad I could help!

Can you clarify your question? You need a Splunk forwarder (usually a universal-forwarder) to forward data to your splunk indexer which makes it available in the GUI. The universal forwarders are light weight and use little resources on a server

So if you don't have a forwarder on a server then it will not make it into Splunk, unless you directly upload it..

0 Karma

woodcock
Esteemed Legend

If by listener you mean forwarder, then yes to both. This is all configured inside inputs.conf so read all about it here:

http://docs.splunk.com/Documentation/Splunk/latest/admin/inputsconf

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...