All Apps and Add-ons

Additional sourcetypes from syslog

BrentSilva
New Member

Hello,

I've recently upgraded Splunk to 4.2.5 running on Windows 2008 R2. I'm trying to get both the Cisco Security Suite and Citrix Netscaler applications working together. I have created a UPD:514 - syslog input and can confirm that I am receiving data.

So, my question is I need to create a sourcetype called 'ns_log' to enable the Citrix Netscaler to work correcly. The problem I have is I can not define the props.conf/transforms.conf to keep the 'cisco_asa' sourcetype and the new sourcetype 'ns_log'

Thanks in advance

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi BrentSilva

are you asking about props and transforms in general or do you need two regex to match each new sourcetype?

cheers,
MuS

MuS
SplunkTrust
SplunkTrust

if possible provide some good syslog data and I will try to help you 😉

0 Karma

BrentSilva
New Member

Hi MuS,

I think I am asking about both. From what I can see, somehow I have a working props & transform configuration from when the Cisco Security suite was installed & now I need to modify this (I believe) or add an additional one to get an additional sourcetyoe working for the Citrix Netscaler app.

I hope that make sense,
Brent

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...