Splunk Source Types: Splunk Tutorial


In this tutorial, we are going to learn about Splunk source types, a built-in feature of Splunk used for categorising and sub-categorising data by format.


Data Source Types in Splunk

Earlier in this series of Splunk tutorials, we saw that Splunk automatically categorises and identifies data as soon as it is uploaded. Splunk also identifies the file's fields and data labels, whether the input is a log file, a csv file or SQL data coming from a database.

This feature is known as the source type identifier, a built-in feature of Splunk that helps the software find and detect files and the information inside them based on their format or file type. It is highly important because it saves the user the time of manually configuring the data and the information related to it; Splunk recognizes the input fields itself.

Supported Source Types

To see which data source types Splunk supports through the Add data option, select the Source Type dropdown menu to see the list of formats that Splunk supports. Below we have worked with a csv file, but you can choose any format that appears in the dropdown.






Data Ingestion Splunk

Source Type Sub-Category

If you look closely, the source type data formats also have sub-categories that Splunk supports. Let's look inside the ‘Structured’ category and see which sub-categories of it Splunk supports.

Splunk Source Types

In the above image, you can see that the Structured data source type is further sub-categorised into formats such as json, csv, json_no_timestamp and psv. These built-in data types are ready to use: the moment you upload a file in one of these formats, Splunk automatically detects it and indexes it according to the format.
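
When a feed backs searches or alerts, it is common to pin its source type in configuration instead of relying on automatic detection, so that field names and timestamps stay predictable. The following is an added example, not part of the original tutorial; the file path, index, the source type name `app_audit_csv` and the `timestamp` column are assumptions chosen for illustration.

```ini
# inputs.conf (on the instance that reads the file)
# Path, index and sourcetype name are assumptions for this example.
[monitor:///var/log/app/audit.csv]
sourcetype = app_audit_csv
index = main
disabled = false

# props.conf
[app_audit_csv]
# Parse the file as CSV at index time, taking field names from the header row.
INDEXED_EXTRACTIONS = csv
HEADER_FIELD_LINE_NUMBER = 1
# Take the event time from a column named "timestamp" (assumed column name).
TIMESTAMP_FIELDS = timestamp
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
# Fields are already extracted at index time, so skip search-time
# key/value extraction to avoid duplicate field values.
KV_MODE = none
# List this source type under "Structured" in the Add Data dropdown.
category = Structured
description = Application audit log in CSV format (example)
```

For a monitored file, the `INDEXED_EXTRACTIONS` stanza has to be present on the instance that reads the file (including a universal forwarder), because structured parsing happens there. A quick check after ingestion is to search the index for events whose `sourcetype` is not the one you assigned.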