Getting Data In

how to differentiate b/w the source types and integrate them as one.

japala
Path Finder

i am working in a environment which has three (almost similar) source types. i want to know which type of data is going into these and if possible i want to differentiate the data. i want to have a single source type instead of three.

hope this makes sense.

thanks..!!!

0 Karma

woodcock
Esteemed Legend

Yes. Give each a similar but distinct sourcetype such as MYRUDEALLCAPSTYPE1, MYRUDEALLCAPSTYPE2, and MYRUDEALLCAPSTYPE3. Then rename each of these 3 sourcetypes to a common one like MYRUDEALLCAPSTYPE as described below. You can always distinguish them again later by using field _sourcetype to access the original values.

http://docs.splunk.com/Documentation/Splunk/latest/Data/Renamesourcetypes

0 Karma

piebob
Splunk Employee
Splunk Employee

please don't yell.

japala
Path Finder

sorry..!! what are you trying to tell ? is there a problem with the question? if there is a problem, please correct me..!!

thanks..!

0 Karma

acharlieh
Influencer

@japala Writing in all caps on forums is referred to as "yelling" as it reads as if it's being shouted and considered bad form. For example, this is normal text, BUT THIS IS WAY TOO LOUD AND COULD BE READ AS ANGRY. If you could edit your question to have closer to normal capitalization that would be much easier to read and be understood.

As you're editing you could clarify did you run a search for these sourcetypes? Why did that not show you what data is going into these sourcetypes? Could you give more clarity as to what you're wanting to change and why?

0 Karma

japala
Path Finder

thank you ..!!! @acharlieh for the clarification on upper case letters i used..!!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...