Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
862 results
Sorted by:
01-27-2021
01:40 PM
the problem i'm currently having: Software team has logs being written to a file of mixed format and structure. I'm trying to use dynamic sourcetypes so that I can place these into sourcetypes and t...
Labels
- Labels:
-
indexer
-
props.conf
-
source
-
transforms.conf
11-17-2020
10:21 AM
Hi I have currently 5-6 index setup where consider abc as fieldname , which is extracted at index time and same fieldname is called with different name in different indexes like cde, efg . Now...
Labels
- Labels:
-
other
06-25-2020
08:58 AM
...ystem via syslog, Indexer must receive all the logs, Third Party system must receive a subset of these data (three sourcetypes) using syslogs (udp). I used the available documentation (https://d...
- Tags:
- syslog
- third party
Labels
- Labels:
-
heavy forwarder
-
syslog
09-24-2019
04:44 AM
1 Karma
...otally different environments (separate licenses).
I'm assuming this can be accomplished on the universal forwarder by using multiple target groups and modifying the inputs.conf files of the sourcetypes...
4 weeks ago
This is confusing me. On my Linux server the universal forwarder is installed, and the following sourcetypes are specified in inputs.conf. Nothing more is added. [monitor:///var/log/httpd/a...
Labels
- Labels:
-
troubleshooting
04-28-2016
03:30 PM
4 Karma
Still haven't seen an official answer to this. Source and host can use regex patterns, but sourcetypes cannot. Even a splunk blog recommends a way that is well... not recommended: http://blogs.splunk...
02-22-2021
03:47 PM
Hey all, I have a relatively dumb question. I'm trying to familiarize myself with Splunk's props.conf and transforms.conf files. Within one of my props.conf file there's a stanza defined for a c...
Labels
- Labels:
-
props.conf
-
sourcetype
01-11-2021
06:00 PM
...ubernetes The sourcetypes names are assigned by Splunk Connect using a structure like this: kube:container:* (example: kube:container:containerNumberOne) I have the following confs in props.conf and t...
Labels
- Labels:
-
heavy forwarder
-
props.conf
-
transforms.conf
02-09-2018
06:28 AM
Hi,
I know it should be possible to use wildcard sourcetypes in props.conf using a some regex magic, as explained here:
https://www.splunk.com/blog/2014/07/31/quick-tip-wildcard-sourcetypes-i...
03-31-2015
01:49 PM
...have a props.conf built, but we want to have a one props.conf to control these settings across the applications. How can I tie the sourcetypes to the one props.conf file?
thanks, Jenn
