This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.

Splunk User Manual (Splunk v2.0)

Sources, Source Types and Hosts

Source Type

The type of data in the source, as determined by Splunk or configured by an administrator. Typical examples are apache_combined_wcookie, linux_syslog_messages and mysqld_table_status. If no sourcetype is configured for a source, Splunk will try to deduce it. If there is not enough data from the source for Splunk to deduce its type, it sets the type to too_small.

Rename a Source Type

If you recognize a specific source type that Splunk has labeled as UNKNOWN—or even if you want to mark one as mysterious—click the menu button next to the sourcetype:: value. A dialog box labeled Rename this SourceType: will appear. Edit the sourcetype to be a string of alphanumeric characters (you can also use _ and -, but no spaces) and click Save to update your index. You can change it again later.

Splunk Professional Users

Splunk Professional users without Power User or Admin status cannot edit source type names.
