I think abrie.strauss is trying to solve the same problem that I am. I am trying to index mongodb.log files rather than analyze the data stored in Mongo itself. I don't think Hunk does that. Ideally, I'd like to say "splunk add monitor -source mongodb.log -sourcetype mongo" and Splunk would properly parse and present Mongo's log data. If Splunk doesn't have a sourcetype for Mongo logs, surely someone else has made one by now, no?