Solved: Re: Sourcetype questions

templier · ‎11-09-2014

Hello, colleagues!

Ask for help.
I have a log species:

Nov  7 17:31:50 domain.domain {"user":"email@domain","mimetype":"image\/gif","filename":"Logo_Facebook.gif","disposition":"attachment","size":5998,"download":false}

it is necessary to handle in splunk.

Possible to handle this file at the entrance to the forwarder and already transmitted in a suitable form in splunk?

Thank you!

templier · ‎11-10-2014

Hello, colleagues!

Found simply irreplaceable application and creat a sourcetype.
Called - Universal Field Extractor

View solution in original post

templier · ‎11-10-2014

Hello, colleagues!

Found simply irreplaceable application and creat a sourcetype.
Called - Universal Field Extractor

templier · ‎11-09-2014

How i undestend i must do it on splunk indexer (server) I'm right?

Sourcetype questions

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation

Sourcetype questions

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience