Knowledge Management

What are some types of data which will not load with default settings?

Buonomon2
Engager

I'm currently preparing for the Splunk Custom Data Load for completion of the Sales Engineer 2 certification. The directions say that I need to use a data set that will not load using the default settings in Splunk (i.e. I will need to edit config files to allow for the data to be ingested).

So my question is: what types of data should I look to use? Every data set I find seems to come in a form that Splunk will automatically ingest.

Any suggestions are greatly appreciated!

Tags (1)
0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi Buonomon2,

Many log files and data from third-party products come in a format that are cannot be readily ingested by Splunk (not default sourcetypes) and must be collected using add-ons or through custom configurations.
In fact, if you look at Splunk Add-ons, most of these third-party products' logs cannot be directly ingested by Splunk out of the box and specific sourcetypes and configurations have been defined for them in the add-ons to ingest and normalize the data and some additional configurations are needed.

Hope this helps. Thanks!
Hunter

hunters_splunk
Splunk Employee
Splunk Employee
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...