![]() ![]() ![]() Splunk Web updates the data preview pane to show how the data looks under the new source type. Select the source type that best represents your data.Hover over the category that best represents your data.Īs you do, the source types under that category appear in a drop-down list.Each category contains a list of source types within that category. Click the Source type: drop-down list to see a list of source type categories.If it can't determine a source type, it displays Sourcetype: System Defaults. If the Splunk platform can detect a source type, it displays the source type in the Source type: drop-down list. If the data does not appear in the way that you want, see whether or not an existing source type fixes the problem. See Adjust timestamps and event line breaks. Adjust timestamps, delimiters, and line breaking manually, then save the changes as a new source type.Choose an existing source type to change the data formatting.Otherwise, choose from one of the following options: If the data appears the way that you want, then click Next to proceed to the Inputs Settings page.Splunk Web displays the event summary in a new window. (Optional) View the event summary by clicking View event summary.Check the preview pane to see how will index the data.You can accept that source type or change it by following these steps. When the Set Source Type page opens, chooses a source type based on the data you specified. When you apply a Log to Metrics source type to an input, you can't preview the data for that input. For more information about log-to-metrics conversion and the Metrics settings, see Set up ingest-time log-to-metrics conversion in Splunk Web in the Metrics manual. If you select a source type from this category, a set of Metrics controls will appear on the left side of the Set Source Type page. The Splunk platform uses these source types for the ingest-time conversion of log events to metric data points. Source types in the Log to Metrics category are special source types. See "About the Log to Metrics source type category" later in this topic for details.įor information on source types and why they are so important, see Why source types matter.Ībout the Log to Metrics source type category Some source types, such as those in the Log to Metrics category, cannot be previewed. See Distribute source type configurations in Splunk Enterprise. If you use Splunk Enterprise, you can save any new source types to a nf configuration file that you can later distribute across the indexers in your deployment so that the source types are available globally. Modify settings for timestamps and event breaks to improve the quality of the indexed data and save the modifications as a new source type.Apply a different source type to see whether it offers more preferable results.See what your data will look like without any changes using the default event-processing configuration.You can modify the settings interactively and save those modifications as a new source type.Įnsure that you're assigning the right source type to your data by following these steps on the Set Source Type page: On the Set Source Type page, you can see how will index the data based on the application of a predefined source type. In other cases, you might need to create a new source type with customized event processing settings. In some cases, you might need to manually select a different predefined source type to the data. You can confirm that the Splunk platform indexes your data as you want it to appear using the Set Source Type page in Splunk Web.Ĭomes with many predefined source types and attempts to assign the correct source type to your data based on its format. By assigning the correct source type to your data, the indexed version of the data appears the way you want it to with correct timestamps and event breaks. The source type is one of the default fields that the Splunk platform assigns to all incoming data, and determines how the Splunk platform formats the data during indexing. Assign the correct source types to your data ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |