Getting Data In

Sourcetype questions

templier
Communicator

Hello, colleagues!

Ask for help.
I have a log species:

Nov  7 17:31:50 domain.domain {"user":"email@domain","mimetype":"image\/gif","filename":"Logo_Facebook.gif","disposition":"attachment","size":5998,"download":false}

it is necessary to handle in splunk.

Possible to handle this file at the entrance to the forwarder and already transmitted in a suitable form in splunk?

Thank you!

0 Karma
1 Solution

templier
Communicator

Hello, colleagues!

Found simply irreplaceable application and creat a sourcetype.
Called - Universal Field Extractor

View solution in original post

0 Karma

templier
Communicator

Hello, colleagues!

Found simply irreplaceable application and creat a sourcetype.
Called - Universal Field Extractor

0 Karma

templier
Communicator

How i undestend i must do it on splunk indexer (server) I'm right?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...