I have a log file that has multiple sourcetypes or entries defined by a different format. Each entry in the log has a field that tells me the type of data (the fields) or format for that line (or event). For example, entries could be something like:
ABCD, aa, bb, cc, dd
XYZ, 1, 2, 3, 4
LMNOP, 1.45, 2.23, 3.89, 444, 5.67, 6.1
GHIK,1, 2, 3, 4, 5, 6, 7, 8, 9
What is the best way of defining a sourcetype for each entry and the field names (or its header) for them?