I have transforms like access-extractions and access-request, which map to the automatically recognized source types like access_combined, access_combined_wcookie, and access_common in the Field Extractions. Fields from events with these sourcetypes have fields extracted at search time as they should. However, the automatically recognized source types list also mentions: websphere_trlog_syserr and websphere_trlog_sysout. I have a websphere_trlog but not the other two. These should be built-in and not require any other specific app, right? Why would I be missing these two?
Ref: http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/Listofpretrainedsourcetypes
Splunk version 6.4.3
... View more