You can configure multiple files or directories in a source by using a regular expression. This entry defines the access_combined source type and then assigns that source type to files that match the specified source. The following entry is an example of an entry in the nf file. For information on configuration files in general, see About configuration files in the Splunk Enterprise Admin Manual. For detailed information on the nf file, read the nf specification in the Splunk Enterprise Admin Manual. If you use Splunk Enterprise, you can create a new source type by editing the nf configuration file and adding a new source type stanza. See Add Source Type.

Edit the nf configuration file to create a source type

You can also use the Source types management page to create a new source type. To learn more about the Set Source Type page and how to assign source types to your data, see Assign the correct source types to your data. It doesn't appear when you specify any other type of data source. The page appears only when you specify or upload a single file. As you change settings, you can immediately see how the changes affect the event data. For other modifications, it lets you edit the underlying nf file directly. The page lets you make the most common types of adjustments to timestamps and event breaks. You can save your changes as a new source type, which you can then assign to data inputs. It also lets you make adjustments to the source type settings as necessary. The Set Source Type page in Splunk Web lets you view the effects of applying a source type to your data.
Set the source type as part of creating a data input in Splunk Web

This option isn't available on Splunk Cloud Platform unless you define the source types on a universal forwarder and send them to Splunk Cloud Platform.

Although you can configure individual forwarders to create source types by editing the configuration files that reside on the forwarders, a best practice for creating source types is to use Splunk Web to guarantee that source types are consistent across your Splunk platform deployment.