About donfernandez

donfernandez · ‎02-22-2018

We were able to find the root cause. Apparently the forwarder was configured to be a HF which was expecting the TA to be deployed in the HF as well. So initially, it was communicated that we are working on a UF -> IDX turned out to be a HF -> IDX which makes the deployed TA in the IDX not able to map the sourcetype since it should have been deployed in HF. Thanks for the great help @esix 🙂

donfernandez · ‎02-13-2018

hi esix. It's thru transforms at ingestion..regarding the setup, we have something like UF(on-prem) --> IDX (cloud).. With this scenario, would it make any difference?

donfernandez · ‎02-13-2018

Has anyone experienced thier sourcetypes not mapping correctly during production deployment but in test/local it is mapping properly? - How did you identify the culprit? - I would like to try using btool but am not very familiar on how to write the syntax to show me the results I need

donfernandez · ‎02-07-2017

does this work for multiple tokens?

Posts	7
Solutions	0
Karma Given	0
Karma Received	1
Member Since	‎10-20-2016

Online Status	Offline
Date Last Visited	‎11-16-2023 08:51 AM

How to check why sourcetype is not mapping correct...

Does the Power User/Admin/etc. certifications expi...

Re: How to check why sourcetype is not mapping cor...

Re: How to check why sourcetype is not mapping cor...

How to check why sourcetype is not mapping correct...

Re: How to use an "input type=button" to reset a t...

Are you a member of the Splunk Community?

How to check why sourcetype is not mapping correct...

Does the Power User/Admin/etc. certifications expi...

Re: How to check why sourcetype is not mapping cor...

Re: How to check why sourcetype is not mapping cor...

How to check why sourcetype is not mapping correct...

Re: How to use an "input type=button" to reset a t...