Hello -
I just installed SPLUNK (docker) and I would like to forward all the Plex logs there.
During the setup, I am asked to select a SOURCE TYPE … what format the logs are in, so Splunk knows how to intelligently format them.
My options are: (table source)

| Category | Source Types |
|---|---|
| Application servers | log4j, log4php, weblogic_stdout, websphere_activity, websphere_core, websphere_trlog, catalina, ruby_on_rails |
| Databases | db2_diag, mysqld, mysqld_error, mysqld_bin, mysql_slow |
| | exim_main, exim_reject, postfix_syslog, sendmail_syslog, procmail |
| Operating systems | linux_messages_syslog, linux_secure, linux_audit, linux_bootlog, anaconda, anaconda_syslog, osx_asl, osx_crashreporter, osx_crash_log, osx_install, osx_secure, osx_daily, osx_weekly, osx_monthly, osx_window_server, windows_snare_syslog, dmesg, ftp, ssl_error, syslog, sar, rpmpkgs |
| Metrics | collectd_http, metrics_csv, statsd |
| Network | novell_groupwise, tcp |
| Printers | cups_access, cups_error, spooler |
| Routers and firewalls | cisco_cdr, cisco:asa, cisco_syslog, clavister |
| VoIP | asterisk_cdr, asterisk_event, asterisk_messages, asterisk_queue |
| Web servers | access_combined, access_combined_wcookie, access_common, apache_error, iis* |
| Splunk software | splunk_com_php_error, splunkd, splunkd_crash_log, splunkd_misc, splunkd_stderr, splunk-blocksignature, splunk_directory_monitor, splunk_directory_monitor_misc, splunk_search_history, splunkd_remote_searches, splunkd_access, splunkd_ui_access, splunk_web_access, splunk_web_service, splunkd_conf*, django_access, splunk_help, mongod |
| Non-log files | csv*, psv*, tsv*, _json*, json_no_timestamp, fs_notification, exchange*, generic_single_line |
| Miscellaneous | snort, splunk_disk_objects*, splunk_resource_usage*, kvstore* |

I appreciate the help, as I could not find any documentation about the logging format.