Data onboarding
What kind of information we can use?
Sources can be anything. a system log file, an app log files, lookup files, etc..
Sourcestype of the event: the type of the sources will be the sourcetype.
for example, you can add data from /var/log/messages to splunk.
for this data,
for this data,
source=/var/log/messagesandsourcetype=linux_syslog
Source vs sourcetype -
Source and source type are both default fields, but they are entirely different otherwise, and can be easily confused.
Source and source type are both default fields, but they are entirely different otherwise, and can be easily confused.
The source is the name of the file, stream, or other input from which a particular event originates.
The sourcetype determines how Splunk software processes the incoming data stream into individual events according to the nature of the data.
Events with the same source type can come from different sources, for example, if you monitor
The sourcetype determines how Splunk software processes the incoming data stream into individual events according to the nature of the data.
Events with the same source type can come from different sources, for example, if you monitor
source=/var/log/messages and receive direct syslog input from udp:514. If you search sourcetype=linux_syslog, events from both of those sources are returned.
Linux Configuration
We will make our adjustment in our Linux machine in AWS; we will check what s on the application first
But maybe we don't know that information, we will use btool for that
\
If you like the explanation of this article, please click like
:)
Data onboarding
Reviewed by ohhhvictor
on
May 10, 2020
Rating:
Reviewed by ohhhvictor
on
May 10, 2020
Rating:
No comments: