Hi,
I am trying Splunk and evaluating it as a tool for managing the logs of our in-house applications. I am uploading a file with thousands of lines like the following ones (2 sample lines):
{"time_stamp":"2014-10-06 18:00:00.025956","message_id":2459316836,"rq_id":8036007057,"rs_id":8036007059,"status":"OK","message_type":"OTA_HotelAvailRQ","host":"0.0.0.0","elapsed_time":155,"subsystem":"Player","connectorhost":"localhost","resstatus":"null","requestorid":"TRPS"}
{"time_stamp":"2014-10-06 18:00:00.041755","message_id":2459316838,"rq_id":8036007025,"rs_id":8036007010,"status":"OK","message_type":"OTA_HotelAvailRQ","host":"0.0.0.0","elapsed_time":31,"subsystem":"Player","connectorhost":"localhost","resstatus":"null","requestorid":"TREP"}
But after uploading the file I cannot set the proper SourceType. I am choosing _json and setting
- TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%3N %Z
- TIME_FIELD=time_stamp
But I get the following message: No results found. Please change Sourcetype, adjust Sourcetype settings, or check your source file.
I will appreciate any help.
Thanks a lot in advance.
Tom.
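A pre-ingestion check, added here as an example and not part of the post or of Splunk itself: it loads each line as JSON and tests the time field against a regex rendering of a Splunk-style TIME_FORMAT, so a format/value mismatch or a malformed line is visible before the sourcetype preview runs. The directive-to-regex translation and the sample lines (including one deliberately malformed line) are assumptions of this example.

```python
import json
import re

# Constructed sample lines in the shape of the ones in the post (not the poster's real file);
# the third one is deliberately malformed JSON so the check exercises that failure mode too.
SAMPLE_LINES = [
    '{"time_stamp":"2014-10-06 18:00:00.025956","message_id":2459316836,"status":"OK"}',
    '{"time_stamp":"2014-10-06 18:00:00.041755","message_id":2459316838,"status":"OK"}',
    '{"time_stamp":"2014-10-06 18:00:00.041755","connectorhost"":localhost"}',
]

# Approximate translation of TIME_FORMAT directives into regex fragments (an assumption of this
# example, not Splunk's own parser): %<n>N is exactly n subsecond digits, %Z is a timezone name.
_DIRECTIVES = {"Y": r"\d{4}", "m": r"\d{2}", "d": r"\d{2}", "H": r"\d{2}", "M": r"\d{2}",
               "S": r"\d{2}", "N": r"\d{1,9}", "Z": r"[A-Za-z]+", "z": r"[+-]\d{4}"}

def time_format_to_regex(fmt):
    """Build an anchored regex that accepts strings laid out like TIME_FORMAT."""
    out = []
    for i, part in enumerate(re.split(r"(%\d*[A-Za-z])", fmt)):
        if i % 2 == 0:                       # literal text such as '-', ':', 'T' or ' '
            out.append(re.escape(part))
            continue
        width, letter = part[1:-1], part[-1]
        if letter == "N" and width:
            out.append(r"\d{%d}" % int(width))
        elif letter in _DIRECTIVES:
            out.append(_DIRECTIVES[letter])
        else:
            raise ValueError("unsupported directive " + part)
    return re.compile("^" + "".join(out) + "$")

def check_lines(lines, time_field, time_format):
    """Return (line_no, problem) pairs for lines that would not yield a usable timestamp."""
    pattern = time_format_to_regex(time_format)
    problems = []
    for n, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError as e:
            problems.append((n, "invalid JSON: " + e.msg))
            continue
        value = event.get(time_field)
        if value is None:
            problems.append((n, "missing field %r" % time_field))
        elif not pattern.match(str(value)):
            problems.append((n, "%r does not match TIME_FORMAT %r" % (value, time_format)))
    return problems
```

Running `check_lines(SAMPLE_LINES, "time_stamp", "%Y-%m-%dT%H:%M:%S.%3N %Z")` reports every line, whereas `"%Y-%m-%d %H:%M:%S.%6N"` accepts the two well-formed lines and flags only the malformed one.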