how Splunk parses log files

• As noted here, your data goes through several stages: 1) input, 2) parsing (AKA "event processing"), 3) indexing, and 4) search.
• This is the list of log file formats that Splunk can natively parse.
  • There are "apps" available in "Splunkbase" that can be used to parse additional file types [more].
• There are rules that determine how the source type is recognized.
• How to create a new source type.
• Splunk would prefer to read events in key-value form
  • json or xml are good