Solved: How to format or assign sourcetype for mongod.log

dhavamanis · ‎10-03-2016

We installed Splunk universal forwarder in mongodb host and started getting logs in Splunk. Can you please let us know how to assign the sourcetype to extract fields for "MongoDB Monitoring" app required format. Also please tell us how to assign specific index for this app, because we are sending all mongod.log to one common index.

maciep · ‎10-03-2016

Not sure if you need much more than this, but the documentation for the app is on git hub. It says that extractions are based on the mongod sourcetype. And by default, the dashboards search for events in the mongodb index. But you can put them in any index you want and just update the search macros accordingly.

https://github.com/jruaux/mongodb-monitoring#mongodb-logs

Does that help?

View solution in original post

maciep · ‎10-03-2016

Not sure if you need much more than this, but the documentation for the app is on git hub. It says that extractions are based on the mongod sourcetype. And by default, the dashboards search for events in the mongodb index. But you can put them in any index you want and just update the search macros accordingly.

https://github.com/jruaux/mongodb-monitoring#mongodb-logs

Does that help?

How to format or assign sourcetype for mongod.log

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!