Getting Data In

App not creating sourcetypes

jravida
Communicator

Hi folks,

I’m having an issue getting Juniper logs to show the correct sourcetype. Right now they simply all show up as “sourcetype=juniper”, instead of the expected ones like “juniper:junos:firewall”. I have the Splunk Juniper app installed, and the input selected to use the juniper sourcetype, so the right props/transforms should be breaking down more sub-sourcetypes. Am I missing a step? Thanks!

0 Karma

richgalloway
SplunkTrust

Did you install the Juniper add-on? It must be installed on the search head as well as the indexer or HF (whichever touches the data first).

---
If this reply helps you, Karma would be appreciated.
0 Karma
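
How an index-time sourcetype rewrite is generally wired up in Splunk, as an added example that is not part of the original thread and not the Juniper add-on's own configuration. The transform stanza name and the regex are hypothetical; the point is that `TRANSFORMS-` rules run at parse time, so they only take effect on the first full Splunk instance (indexer or heavy forwarder) that handles the data.

```ini
# props.conf (on the indexer or heavy forwarder that first parses the data)
[juniper]
# Index-time transform: evaluated once, when the event is parsed.
# "example_juniper_firewall_st" is a hypothetical stanza name.
TRANSFORMS-set_subsourcetype = example_juniper_firewall_st

# transforms.conf (on the same instance)
[example_juniper_firewall_st]
# Constructed pattern for illustration only; the real add-on ships its own.
REGEX = RT_FLOW
# Rewrite the sourcetype metadata key for matching events
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::juniper:junos:firewall
```

Events indexed before such a rule is in place keep the sourcetype they were written with; only newly parsed data is rewritten.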