Hi, still learning Splunk and.....need to know..
How to delete a "sourcetype" that is tied to indexed data. I accidentally added the sourcetype and now want to correct it. I am using Ver. 5.0.4....
...ame_10
5/22/2020, 2:00:52 PM.
The blocked host name belongs to a domain controller where I just deployed a UF. I'm not receiving any data from this forwarder.
This is harder than I a...
...plunk Enterprise configured as a forwarder.
How can I assign a sourcetype and index to the data that does come in from the host that is configured with port 997 as a receiver? Sorry f...
...onventions and I have to create three sourcetypes based on that. How should I do it? Should I create separate configuration files (props and inputs) inside the local folder and assign 3 source...
I am trying to identify which sourcetypes produce data with the same log format. Currently, I am using this query to show the highest percentage log pattern for access logs in my domain:
source...
...'ve defined custom sourcetypes as directed in the docs
Specify sourcetype for an input
You can assign the sourcetype for data coming from a specific input, such as /var/log/. If you have Splunk E...
Hi
I have one file with multiple JSON types in it.
What is the best way to get this data into Splunk?
I don't think I can use a universal forwarder as I can't specify the sourcetype as i is m...
Hello,
We have some appliances data/logs, require me to send/receive those logs with SYSLOG. I have a server to receive those logs and I also know we need to use TCP/UDP port. How w...
...nteresting fields. The issue that I am facing is that I am getting duplicate records in my result set (possibly it is due to the multiple sourcetypes that I am using in my query). Just w...
...anual sourcetype settings until I found out that I have to erase the data in Splunk first. Then finally the settings from props.conf are applied when importing the logs again.
When I tested this, I...