Sourcetypes
Sourcetypes are also important to understand, as they help define the rules for an event. A sourcetype is one of the default fields that Splunk assigns to data as it comes into the system. It identifies the type of data so that Splunk can format it appropriately as it indexes it. This also allows the user who wants to search the data to easily categorize it.
Some of the common sourcetypes are listed as follows:
access_combined, for NCSA combined format HTTP web server logs
apache_error, for standard Apache web server error logs
cisco_syslog, for the standard syslog produced by Cisco network devices (including PIX firewalls, routers, and ACS), usually via remote syslog to a central log host
websphere_core, a core file export from WebSphere
(Source: http://docs.splunk.com/Documentation/Splunk/latest/Data/Whysourcetypesmatter)
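To make concrete why the sourcetype matters for formatting, here is an added Python example (not from the book and not Splunk's own parsing code) that applies a per-sourcetype regex and timestamp format to constructed sample events for three of the sourcetypes listed above; the sample events, regexes and field names are assumptions for illustration only.

```python
import re
from datetime import datetime

# Constructed sample events, one per line-oriented sourcetype from the text.
# (websphere_core is a binary core-file export, so it has no line rule here.)
SAMPLES = {
    "access_combined": '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] '
                       '"GET /index.html HTTP/1.1" 200 2326 "http://example.com/" "Mozilla/5.0"',
    "apache_error": "[Tue Oct 10 13:55:36.123456 2023] [core:error] [pid 1234] "
                    "[client 192.0.2.10:54321] File does not exist: /var/www/html/missing",
    "cisco_syslog": "Oct 10 13:55:36 fw01 %ASA-6-302013: Built outbound TCP connection 12345 "
                    "for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.10/51234",
}

# Each sourcetype carries its own event pattern and its own timestamp layout:
# the same text would be mis-parsed if indexed under the wrong sourcetype.
RULES = {
    "access_combined": (
        re.compile(r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                   r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)'),
        "%d/%b/%Y:%H:%M:%S %z"),
    "apache_error": (
        re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] '
                   r'(?:\[pid \d+\] )?(?:\[client (?P<clientip>[^:\]]+)(?::\d+)?\] )?(?P<message>.*)$'),
        "%a %b %d %H:%M:%S.%f %Y"),
    "cisco_syslog": (
        re.compile(r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
                   r'%(?P<facility>[A-Z]+)-(?P<severity>\d)-(?P<msgid>\d+): (?P<message>.*)$'),
        "%b %d %H:%M:%S"),
}


def identify_sourcetype(event):
    """Return the first sourcetype whose rule matches the event, or None."""
    for name, (pattern, _) in RULES.items():
        if pattern.match(event):
            return name
    return None


def extract_fields(event):
    """Categorize the event and pull out its fields and a normalized _time."""
    sourcetype = identify_sourcetype(event)
    if sourcetype is None:
        return None
    pattern, ts_format = RULES[sourcetype]
    fields = pattern.match(event).groupdict()
    ts = datetime.strptime(fields.pop("ts"), ts_format)
    if sourcetype == "cisco_syslog":          # classic syslog omits the year,
        ts = ts.replace(year=datetime.now().year)  # so assume the current one
    fields["_time"] = ts.isoformat()
    fields["sourcetype"] = sourcetype
    return fields
```

Feeding the apache_error sample through the access_combined rule (or vice versa) yields no match at all, which is the practical reason Splunk assigns a sourcetype before extracting timestamps and fields.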