Now here we will mention the index, host and sourcetype. In the nf we will mention the absolute path of the file of our sample data which we want to monitor. You can find the nf in the below path: $SPLUNK_HOME$/etc/system/local/ Now after creating the file, put the sample data in this file and after that press “esc” -> “:wq”. You can use any other location or any other existing file for storing your data. Here I have created a file named host.txt in the /tmp location. You have to go to the location where you want to save the sample data and then create a file. Secondly, I will use two configuration files here, that is nf and nf; both files are configured on the Heavy Forwarder, and there is another configuration file, nf, which we will use later. See below the sample data on which I am going to perform the parsing: Hi guys, today I am going to show you how to perform parsing. So for this, I will show you how to do this. So suppose there are four events, and you want to change the sourcetype name of any 2 events; then you can do this by performing parsing on your data. For parsing and filtering we use two configuration files, that is nf and nf, on the heavy forwarders. But what if you want to change the sourcetype name in different events according to your requirement? Now we can perform different actions on those events. We know that at the time of indexing data into indexers, Splunk software parses the data stream into a series of events.