×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
imv327
Observer
Member since: ‎05-28-2024
‎07-02-2025
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-28-2024
Activity Feed
View All

Re: Sourcetype naming convention, predefined / lea...

by in Splunk Enterprise
‎06-07-2024 05:19 AM
‎06-07-2024 05:19 AM
I don´t need this course. It will absolutely not help me for what I have to do which is pretty advanced in terms of classic Splunk architecture. ... View more

Re: Sourcetype naming convention, predefined / lea...

by in Splunk Enterprise
‎06-06-2024 09:24 PM
‎06-06-2024 09:24 PM
Thank you for your answer. All these points have already been kind of analyzed and taken into account. I was expecting more insights / inputs from experience and challenges that splunkers may have faced. However I do know as well that our setup is a bit typical and does not reflect most of the enterprise setups that others may work with. ... View more

Sourcetype naming convention, predefined / learned...

by in Splunk Enterprise
‎05-30-2024 12:18 PM
‎05-30-2024 12:18 PM
Hi guys, I have several topics on the table. 1) I would like to know if you would have any advice, process or even document defining the principles of creating a naming convention when it comes to sourcetypes. We have faced the classic issue where some of our sourcetypes had the same name and we would like to find ways to avoid that from now on. 2) Is it pertinent to add predefined / learned sourcetypes with a naming convention based on the format.? (then we could solve the point 1 with a naming convention like app_format for example). How do you technically add new predefined sourcetypes and how do you solve both the management of sourcetypes (point 1) and the management of predefined sourcetypes  ? 3) How do you share Knowledge Objects, props and transforms between 2 Search Head clusters, how do you implement a continuously synced mechanism that would keep these objects synced between both clusters ? Do we have to use Ansible deployments to perform the changes on both clusters or is there any Splunk way to achieve this synchronization in an easier way inside Splunk (via a script using REST API, command line, configuration etc) ? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-02-2025 03:41 AM