All Apps and Add-ons

Splunk Add-on Builder: Why am I unable to add multiple inputs with the same sourcetype?

kamlesh_vaghela
SplunkTrust
SplunkTrust

Hi Team,

I am creating new custom TA using Splunk Add-on Builder. I have successfully finished Step 1 and now I am on Step 2.
On Step 2 I have added first input by clicking on "Add Data" button and select radio button "Modular input using shell commands" .

I have filled all details like below.

Sourcetype name:   mysourcetype
Input name:   DATA_IN_1
Input title:  DATA_IN_1
Description :
Collection interval:  30
Shell commands:   sh myscript1.sh

This configuration is successfully done.

Now, again I am trying to add a second input by clicking on "Add Data" button and select radio button "Modular input using shell commands" with below details.

Sourcetype name:   mysourcetype
Input name:   DATA_IN_2
Input title:  DATA_IN_2
Description :
Collection interval:  30
Shell commands:   sh myscript2.sh

On this stage it gives me below error msg.

A sourcetype with the name "mysourcetype" already exists in Splunk Enterprise.

So It is any other way to fulfill the above scenario?

My Splunk Details are

Splunk Version : 6.4.0
Splunk Build : f2c836328108
Current App : Splunk Add-on Builder
App Version : 1.0.0
App Build : 7

Thanks for your help.

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

In Add-on Builder, one data input maps to only one sourcetype. That means you have to create data input with one unique sourcetype name.

Is that possible to merge your 2 scripts?

0 Karma

cmeerbeek
Path Finder

I don't think this is true.

The idea behind the AoB is that you create generic inputs that can be mapped to multiple sourcetypes.

The Splunk Add-on for MS Cloud Services is a good example of this.
You have one Azure Resource Blob input with which you can create multiple inputs with different sourcetypes. You just need to configure this when you create the input.

This is an assumption but I think it is a correct one 😉

0 Karma

rafamss
Contributor

Hi kamlesh_vaghela,

Here: http://docs.splunk.com/Documentation/Splunk/6.3.2/Data/Createsourcetypes and here: http://docs.splunk.com/Documentation/Splunk/6.0/Data/Whysourcetypesmatter , there is an example for use and configuration sourcetypes.

Any questions, tell me.

[ ]s
Rafael Martins

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...