Recognize Source Types

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Filename
Format
Examples

Recognize Source Types

Create new source types to describe your data input sources.

Filename

props.conf (within any subdirectory of $SPLUNK_HOME/etc/bundles/)

Format

[source::<path>]
sourcetype=mySourceType
...

Create a new configuration with the path to your file (or files) and the name you wish to assign as a sourcetype.

Examples

[source::/var/log/netinfo.log]
sourcetype=netinfo_log

[source::/var/log/httpd/mywebsite_*_log]
sourcetype=mywebsite_log

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.2.2/Developer/RecognizeSourceTypes"

« Add Input Configurations How Splunk Uses Skins »

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!

Developing Dashboards, Views, and Apps for Splunk Web

Recognize Source Types

Contents

Recognize Source Types

Filename

Format

Examples

Comments