streams.conf
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
streams.conf
# This file controls filters for live tail, (real-time view of data as it's indexed).
# Apply search filters so just the data you are interested shows up in the live tail interface.
#
# There is a streams.conf in $SPLUNK_HOME/etc/bundles/default/. To set custom configurations,
# place a streams.conf in your own custom bundle directory. For examples, see streams.conf.example.
#
# For help creating a bundle directory, or to learn more about bundles (including bundle precedence)
# please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig.
#
[stream:<stream name>]
* You may have as many of these stanzas as you wish.
* CAUTION: DO NOT USE THE NAME "livetail" as it is reserved by the system.
filter = <search string>
* Filter your live tail data on a search string.
* This filter is applied to the stream above.
* Currently, these searches CANNOT include piping.
* You can use the following fields (and ONLY the following fields) in your filter:
source, sourcetype, host.
streams.conf.example
# Copyright (C) 2005-2008 Splunk Inc. All Rights Reserved. Version 3.0 # # This file contains an example streams.conf. Use this file to configure filters for live tail. # # To use one or more of these configurations, copy the configuration block into # streams.conf in your own custom bundle. # # For help creating a bundle directory, or to learn more about bundles (including bundle precedence) # please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig. # This example sets up a Live Splunk named apache errors, that is filtered with the search "error # sourcetype=apache." Customize the name and search string as you see fit. [stream:apacheerrors] filter = error sourcetype=apache
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.