Solved: Adding data with oneshot on gemeric_single_line

nyp_kwyc · ‎01-30-2015

Currently using oneshot to index data into splunk (bash)
Is there a way to add a option for data to be in gemeric_single_line when using oneshot

esix_splunk · ‎02-02-2015

If you want to do this, you'll need to define your own sourcetype via props and transforms. And then specify this sourcetype when you oneshot the data.

View solution in original post

esix_splunk · ‎02-02-2015

If you want to do this, you'll need to define your own sourcetype via props and transforms. And then specify this sourcetype when you oneshot the data.

aakwah · ‎01-30-2015

Could you please provide more clarification?

Regards,
Ahmed

nyp_kwyc · ‎02-01-2015

I created a bash script that include the oneshot command:
$SPLUNK add oneshot "$HOME/data.txt" -index myindex -hostname host1 -sourcetype datasource1

Then I realise my data log is all in one chunk - http://imgur.com/WD56m0y

Therefore I want to Event breaks at at every line when indexing the data via bash script command
Is there a augment for oneshot command to allow this option?

http://i.imgur.com/CAU3r5t.png

Adding data with oneshot on gemeric_single_line

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?