I was recently at a client site for a two-week engagement assisting them with ramping up their Splunk installation, and I came across something particularly interesting. One of the log files the client wanted to index in Splunk contained four different log formats with four different timestamps. Take a look at a sample of the log:
OH NO!! Splunking log files with multiple formats?? No problem!
Posted by Rupak Pandya on Thursday, January 24, 2013 - 14:07