×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
warwicks1
Engager
Member since: ‎08-03-2021
‎10-15-2025
Community Statistics
Posts 1
Solutions 0
Karma Given 10
Karma Received 0
Member Since ‎08-03-2021
Activity Feed
Topics I've Started
No posts to display.
View All

Re: host transform for pretrained sourcetype linux...

by in All Apps and Add-ons
‎03-06-2022 11:05 PM
‎03-06-2022 11:05 PM
Not sure why it is there exactly but I understand the idea. I do not like the out of the box "syslog" sourcetype for many things, I prefer to instead create sourcetypes specific to the syslogs from the sources I am dealing with at each new client. Their are multiple syslog patterns used by various vendors and on top of that often I see them modified during collection/centalization. There is a bunch of questionable stuff in the nix TA though, look at the eventtypes.conf for some terrible examples of eventtype searches. Ever looked at your logs and wondered why the os and unix and error tags show up on such a wide variety of things? Nix TA eventtypes out of the box is the answer. Also not forcing more care to be take with the broad ingestion of directories like /var/log/ results in forcing Splunk to do a lot of sourcetype guessing and, in most places I have been, initially results in many incorrect sourcetypings. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-15-2025 10:43 PM
Karma given to