...or the NEW correlation searches that will be created I can use macros or eventtypes/tags in my correlation search to address all existing sourcetypes AND new sourcetypes that might be onboarded to h...
...vent type previously using the exact same search string.
Other times I would get a warning message from the 'data model mapping' home page that I need to add in sourcetypes for my defined event type. T...
This isn't a question, rather just a place to drop a PDF I put together that I titled "Bare Bones Splunk". I've seen a lot of people try and get started with Splunk, but then get stuck r...
...4 bit) and I see there are lots of versions of the forwarder for Linux. Which version shall I install? And shall I install all three installation files (tgz, rpm, deb) or just one or two of them? What are the...
Hi There,
I have a requirement where I have an index with two different sources.
index=a sourcetype=a1
index=a sourcetype=a2
Now I have a column in common between these two sourcetypes. (e...
I'm coming to understand that "json" and "syslog" aren't sourcetypes, but formats.
Why are they provided as sourcetypes out of the box with Splunk if they are not meant to be used?
How is it r...