document updated 17 days ago, on Mar 7, 2023
How Splunk parses log files
, your data goes through several stages: 1) input, 2) parsing (AKA "event processing"), 3) indexing, and 4) search.
This is the list of log file formats that Splunk can natively parse.
There are "apps" available in " " that can be used to parse additional file types
Rules that determine how the source type is recognized
How to create a new source type
Splunk would prefer to read events in key-value form
JSON or XML are good