Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
11 results
Sorted by:
07-24-2014
02:30 AM
...s both timestamps do not contain the year, splunk does not manage to correctly index the events.
I therefore override both sourcetypes on a per-event basis.
In props.conf:
[source::.../e...
07-24-2013
12:45 AM
I've implemented per-event source types assignment as described here: http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Advancedsourcetypeoverrides Basically it works. For events matching a R...
05-03-2016
09:59 PM
...uestion: I'm sending a wide variety of sourcetypes to Splunk via EC, using the "sourcetype" key in the event metadata. For TCP, I believe I'll have to overrride source types on a per-event basis as d...
11-07-2016
01:09 AM
...otoring the log file.
The purpose is that i need to assign different sourcetype to each of them.
Also, is this possible to be done at in rsyslog which is acting as my centralized syslog server.
I h...
01-17-2019
05:31 AM
...s always "encore". To cheekily resolve that, I tried to alias on the heavy forwarder the sensor field to source (in the estreamer TA), and also on the search head thusly:
FIELDALIAS-e...
07-01-2020
08:38 AM
...nterface, I can see more types of events being sent on the wire: dhcpd, nginx, unbound, etc. When doing a search for these events, 'index=fw dhcpd' or 'index=fw nginx', zero (0) events are returned. So it's n...
Labels
- Labels:
-
troubleshooting
10-02-2018
07:52 AM
...athToLogs/*/fixedPath/logForSourcetype2*.log]
The goal here is to read the host and source type for the given input.
- host: through host_segment (first * in the stanzas)
- source type: t...
03-07-2016
08:34 AM
I know that I can override source types dynamically per event based on this documentation link here: (docs.splunk.com/Documentation/Splunk/6.2.5/Data/Advancedsourcetypeoverrides)
I'm reading event...
08-13-2010
11:56 AM
...ike it should be valid - it may not be, please correct me.
I'm looking to apply this depending on the raw text of the event, so my source type isn't fixed and can't be set in inputs.conf.
Is source...
10-21-2013
03:22 PM
...s I mentioned
in the previous paragraph and assign the sourcetype on a per event basis or in props.conf. I chose to do this in props.conf. I
am using the following configuration:
inputs.conf...
