Hi, still learning Splunk and.....need to know..
How to delete a "sourcetype" that is tied to indexed data. I accidentally added the sourcetype and now want to correct it. I am using Ver. 5.0.4....
...onventions and I have to create three sourcetypes based on that. How should I do it? Should I create separate configuration files (props and inputs) inside the local folder and assign 3 source...
...plunk Enterprise configured as a forwarder.
How can I assign a sourcetype and index to the data that does come in from the host that is configured with port 997 as a receiver? Sorry f...
I am trying to identify which sourcetypes produce data with the same log format. Currently, I am using this query to show the highest percentage log pattern for access logs in my domain:
source...
Hi
I have one file with multiple JSON types in it.
What is the best way to get this data into Splunk.
I don't think I can use a universal forwarder as I can't specify the sourcetype as i is m...
Hello,
We have some appliances data/logs, require me to send/receive those logs with SYSLOG. I have a server to receive those logs and I also know we need to use TCP/UDP port. How w...
...'ve defined custom sourcetypes as directed in the docs
Specify sourcetype for an input
You can assign the sourcetype for data coming from a specific input, such as /var/log/. If you have Splunk E...
I am working with application data that has the same exact format across several applications. The sourcetypes are based on application names. We have a couple of fields that we need to extract. I...
...nteresting fields. The issue that I am facing is that I am getting duplicate records in my result set (possibly it is due to the multiple sourcetypes that I am using in my query). Just w...
How can I index logs from different sourcetypes in the same index?
Let's say Network ABC is having one AD and one Firewall. Now I want to create an index ABC and want to index logs from both d...