
Source type to use for postgresql log


Hi,

What would be the source type I use for postgresql logs?

Here's a single line from the log file.

2013-02-27 18:36:01.103858 EST,"builder","dw",p13175,th-846481664,"10.24.33.81","44591",2013-02-27 18:35:54 EST,6827524,con243135,cmd70,seg-1,,dx1628096,x6827524,sx1,"LOG","00000","statement: SELECT quote_ident(E'subscribersnapshot_sample_ss539')",,,,,,"SELECT quote_ident(E'subscribersnapshot_sample_ss539')",0,,"postgres.c",1542,

Thanks,

lupin


Re: Source type to use for postgresql log

Splunk Employee

Splunk only has pretrained sourcetypes for mysql, specifically these data sources:

Databases: mysqld, mysqlderror, mysqldbin

For PostgreSQL, you should make a new sourcetype; I use "postgresql", then set up the appropriate props.conf for that sourcetype to extract the fields properly.

0 Karma
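Before writing the field extraction for a new sourcetype, it helps to confirm the column layout of the sample line from the question. The following is an added example, not code from either poster or from Splunk: it parses that line as quoted CSV and shows why a plain comma split miscounts once a statement contains commas. The column names are assumptions inferred from the sample values, and the second test line is constructed.

```python
import csv
import io

# Column names are assumptions read off the sample values, not an official schema.
COLUMNS = (
    "event_time user database pid thread remote_host remote_port session_start "
    "txid session_id command_id segment slice dist_txid local_txid sub_txid "
    "severity sqlstate message detail hint internal_query internal_query_pos "
    "context query cursor_pos func_name file_name file_line stack_trace"
).split()

# The log line from the question, unchanged.
SAMPLE = r'''2013-02-27 18:36:01.103858 EST,"builder","dw",p13175,th-846481664,"10.24.33.81","44591",2013-02-27 18:35:54 EST,6827524,con243135,cmd70,seg-1,,dx1628096,x6827524,sx1,"LOG","00000","statement: SELECT quote_ident(E'subscribersnapshot_sample_ss539')",,,,,,"SELECT quote_ident(E'subscribersnapshot_sample_ss539')",0,,"postgres.c",1542,'''


def parse_line(line):
    """Split one log event on commas, honouring double-quoted fields."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(row)}")
    return dict(zip(COLUMNS, row))


def constructed_line():
    """Constructed variant: the statement contains a comma and double quotes."""
    row = list(parse_line(SAMPLE).values())
    row[COLUMNS.index("message")] = 'statement: SELECT a, b FROM "t"'
    buf = io.StringIO()
    csv.writer(buf).writerow(row)  # writer quotes the field and doubles the quotes
    return buf.getvalue().rstrip("\r\n")


def naive_count(line):
    """Column count a plain comma split would produce."""
    return len(line.split(","))


if __name__ == "__main__":
    for name, value in parse_line(SAMPLE).items():
        print(f"{name:20} {value!r}")
    tricky = constructed_line()
    print("naive split columns:", naive_count(tricky))
    print("quoted-CSV message :", parse_line(tricky)["message"])
```

Whatever extraction is configured for the sourcetype needs the same quote handling, otherwise every column after the statement shifts by one for each comma in the SQL text.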