All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is the Splunk App for Unix and Linux generating multiple "yum" source types?

aferone
Builder
‎10-19-2018 09:00 AM

I turned on monitoring of /var/log, and when it gets to /var/log/yum.log, I am getting 3 different yum source types for my different systems. All systems are the same Linux flavor.

yum
yum-2
yum-too_small

This is messing with my field extractions.

What is causing this behavior?

Thanks.

Reply

sudosplunk
Motivator
‎10-19-2018 11:40 AM

If sourcetype is not explicitly defined in .conf files (inputs, props or transforms), splunk will automatically use the logfile name segment as sourcetype name. You can overwrite this by defining configs and settings in local directory inside the app.

0 Karma
Reply

aferone
Builder
‎10-25-2018 07:57 AM

I guess I assumed that by using the Linux T/A, I wouldn't have to worry about quarks like this?

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...