Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Parsing phase versus parsing pipeline

ddrillic
Ultra Champion
‎08-31-2017 08:36 AM

Based on the documentation I read, it appears to me that the Parsing phase is comprised of the parsing pipeline, merging pipeline and the typing pipeline. Is this right? I also wonder at which stage the event is defined. Since the merging pipeline aggregates the lines, I assume that by the end of this merging pipeline, the event is defined. Is this right?

0 Karma
Reply

ddrillic
Ultra Champion
‎09-04-2017 05:38 PM

The second image keeps disappearing ; -)

alt text

Preview file
1 KB
0 Karma
Reply

somesoni2
Revered Legend
‎08-31-2017 09:00 AM

See if this page helps answer you questions:
http://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Configurationparametersandthedatapipeline

0 Karma
Reply

ddrillic
Ultra Champion
‎08-31-2017 11:00 AM

Interesting thing. These pages are a bit different. The second is How Splunk processes data through pipelines and processes

alt text

versus -

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...