sourcetypes.conf
This documentation does not apply to the most recent version of Splunk.
Configuration
    # NOTE: sourcetypes.conf is a machine-generated file that stores the document models used by the
    # file classifier for creating source types.

    # Generally, you should not edit sourcetypes.conf, as most attributes are machine generated.
    # However, there are two attributes which you can change.

    _sourcetype = <value>
    * Specifies the sourcetype for the model.
    * Change this to change the model's sourcetype.
    * Future sources that match the model will receive a sourcetype of this new name.

    _source = <value>
    * Specifies the source (filename) for the model.
Example
    # This file contains an example sourcetypes.conf. Use this file to configure sourcetype models.

    # NOTE: sourcetypes.conf is a machine-generated file that stores the document models used by the
    # file classifier for creating source types.

    # Generally, you should not edit sourcetypes.conf, as most attributes are machine generated.
    # However, there are two attributes which you can change.
    #
    # To use one or more of these configurations, copy the configuration block into
    # sourcetypes.conf in your own custom bundle.
    #
    # For help creating a bundle directory, or to learn more about bundles (including bundle precedence)
    # please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig.
    #
    # This is an example of a machine-generated sourcetype model for a fictitious sourcetype cadcamlog.
    #

    [/Users/bob/logs/bnf.x5_Thu_Dec_13_15:59:06_2007_171714722]
    _source = /Users/bob/logs/bnf.x5
    _sourcetype = cadcamlog
    L----------- = 0.096899
    L-t<_EQ> = 0.016473
This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6