Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
14 results
Sorted by:
07-27-2022
12:18 PM
Solved: How to seperate different Sourcetype logs from sin... - Splunk Community Configure Unified Access Gateway System Settings (vmware.com) Syslog Formats and Events (vmware.com) Trying to override...
Labels
07-24-2014
02:30 AM
...s both timestamps do not contain the year, splunk does not manage to correctly index the events.
I therefore override both sourcetypes on a per-event basis.
In props.conf:
[source::.../e...
07-18-2022
01:31 AM
Hi Splunkers,
for an addon I'm making, I need to perform a sourcetype override. The general mechanis is clearly explained on this documentation: Override source types on a per-event basis and I u...
Labels
- Labels:
-
configuration
09-28-2019
06:05 PM
...type. Let's say that property is named code .
In the corresponding Splunk configuration, I use a transform that uses the value of the code property to override source types on a per-event basis...
07-24-2013
12:45 AM
I've implemented per-event source types assignment as described here: http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Advancedsourcetypeoverrides Basically it works. For events matching a R...
05-03-2016
09:59 PM
...uestion: I'm sending a wide variety of sourcetypes to Splunk via EC, using the "sourcetype" key in the event metadata. For TCP, I believe I'll have to overrride source types on a per-event basis as d...
01-17-2019
05:31 AM
...s always "encore". To cheekily resolve that, I tried to alias on the heavy forwarder the sensor field to source (in the estreamer TA), and also on the search head thusly:
FIELDALIAS-e...
10-02-2018
07:52 AM
...athToLogs/*/fixedPath/logForSourcetype2*.log]
The goal here is to read the host and source type for the given input.
- host: through host_segment (first * in the stanzas)
- source type: t...
03-07-2016
08:34 AM
I know that I can override source types dynamically per event based on this documentation link here: (docs.splunk.com/Documentation/Splunk/6.2.5/Data/Advancedsourcetypeoverrides)
I'm reading event...
08-13-2010
11:56 AM
...ike it should be valid - it may not be, please correct me.
I'm looking to apply this depending on the raw text of the event, so my source type isn't fixed and can't be set in inputs.conf.
Is source...
