Repository for sourcetype configuration for common...

the_wolverine · ‎06-26-2014

Is there a repository for common log formats? I have Tomcat boot.log that is not line breaking correctly, most likely because it has been assigned a custom sourcetype.

If Splunk knows about this sourcetype, how would I reference the proper configuration to get my line breaking to work properly for this source?

tnesavich_splun · ‎03-08-2017

Love the idea! I am not seeing that Splunk has this. However, this is similar:
http://gosplunk.com/

Also, as it relates to your question I would look at how this is done when using the Splunk Add-on for Tomcat (or maybe even use it):
https://splunkbase.splunk.com/app/2911/

Here are is another supporting link for installation / configuration should you go that route:
http://docs.splunk.com/Documentation/AddOns/released/Tomcat/Setup

Repository for sourcetype configuration for common log formats?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Repository for sourcetype configuration for common log formats?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >