×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Stun
New Member
Member since: ‎04-28-2021
‎04-28-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-28-2021
Activity Feed
Topics I've Started
View All

Tar.gz

by in Getting Data In
‎04-28-2021 01:58 AM
‎04-28-2021 01:58 AM
Hello, I push in splunk a tar.gz file named file.tar.gz. In this tar.gz file I have several files: file.tar.gz    |    | - filea    | - fileb    | - filec When splunk consume the tar.gz I loose the file name (I can see only the file.tar.gz file as source field). the content of filea fileb filec are in the index but not the file name. I would like to manage the source field with the file name in tar.gz, as following source:filea instead of file.tar.gz source:fileb instead of file.tar.gz source:filec instead of file.tar.gz Could you please help me please ? Many thanks.   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-28-2021 11:23 AM