Getting Data In

How to assign a custom sourcetype for a data stream flowing via API calls?

olavo123
Explorer

I have data being streamed into Splunk using the Python SDK API call. Works perfectly fine using one of the built in sourcetypes: access-combined. But, now I wish to assign a custom sourcetype for the data coming via API calls.

How can I do this? I noticed that using props.conf requires you to specify an input source. Is there any other way to create this sourcetype.

Thanks

Olavo

woodcock
Esteemed Legend

You control the sourcetype so just set it to any string that you like when you setup your input (this will end up as a sourcetype=YourString configuration line inside the stanza related to your input inside of inputs.conf).

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...