Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What does the view Settings -> Sourcetypes (Under Data Section) tells us?

att35
Builder
‎08-16-2018 07:38 AM

Hi,

I am working on troubleshooting one issue where data from a particular sourcetype is not getting parsed correctly. Came across this page under Settings -> Sourcetypes and want to understand what exactly is it tell us? When I see the sourcetypes listed on this page, there are several missing even though we can see data in Splunk for those sourcetypes. If I do index=* | stats count by sourcetype all of them are listed but many from that list wont show up on that page. Check on both searchhead & indexer but same results.

e.g. We are getting Windows Event log data from the 4 common sources, i.e. Application, Security, System and Setup. But When I check under Settings -> sourcetypes, only Application and Security are listed and the app assigned to them is splunk_app_windows_infrastructure. What happened to the other two sourcetypes (System/Setup) for which we are getting data?

alt text

But we are getting data for all the sources.

alt text

Thanks,

~ Abhi

Preview file
6 KB
Preview file
4 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...