Splunk Tutorial
Splunk - Source Types
All incoming data to Splunk is first examined by its built-in data processing unit and classified into data types and categories. For example, if it is a log from an Apache web server, Splunk recognizes it and creates the appropriate fields from the data it reads.
This feature in Splunk is called source type detection; it uses Splunk's built-in source types, known as "pretrained" source types, to achieve this.
This makes analysis easier, as the user does not have to manually classify the data or assign data types to the fields of the incoming data.
Supported Source Types
The supported source types in Splunk can be seen by uploading a file through the Add Data feature and then opening the Source Type dropdown. In the image below, we have uploaded a CSV file and then checked all the available options.
image::https://www.iokays.com/tutorialspoint/splunk/_images/source_type_1.jpg [Source Type1]
Source Type Sub-Category
Within those categories, we can click further to see all the supported sub-categories. So when you choose the Database category, you can find the different types of databases and their supported files which Splunk can recognize.
image::https://www.iokays.com/tutorialspoint/splunk/_images/source_type_2.jpg [Source Type2]
Pre-Trained Source Types
The table below lists some of the important pre-trained source types Splunk recognizes:
[cols="1,3",options="header"]
|===
| Source Type Name | Nature
| access_combined | NCSA combined format HTTP web server logs (can be generated by Apache or other web servers)
| access_combined_wcookie | NCSA combined format HTTP web server logs (can be generated by Apache or other web servers), with a cookie field added at the end
| apache_error | Standard Apache web server error log
| linux_messages_syslog | Standard Linux syslog (/var/log/messages on most platforms)
| log4j | Log4j standard output produced by any J2EE server using log4j
| mysqld_error | Standard MySQL error log
|===
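To show what source type detection and field extraction do for the pretrained types in the table, here is an added example (not Splunk's own code): a small classifier that recognizes the six formats on constructed sample events and pulls the standard fields out of an `access_combined` / `access_combined_wcookie` event. The regular expressions and sample lines are assumptions for illustration, not Splunk's internal patterns.

```python
import re

# Illustrative detection rules, one per pretrained source type in the table.
# Splunk's built-in detector is not this code; the patterns are an assumption.
RULES = [
    # the wcookie form has a third quoted field after the user agent
    ("access_combined_wcookie", re.compile(
        r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?:\d+|-) "[^"]*" "[^"]*" "[^"]*"$')),
    ("access_combined", re.compile(
        r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?:\d+|-) "[^"]*" "[^"]*"$')),
    ("apache_error", re.compile(
        r'^\[\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)? \d{4}\] \[')),
    ("linux_messages_syslog", re.compile(
        r'^\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ \S+?(?:\[\d+\])?: ')),
    ("log4j", re.compile(
        r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[,.]\d{3} +(?:TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\b')),
    ("mysqld_error", re.compile(  # MySQL 5.7+ error log timestamp form
        r'^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z \d+ \[(?:Note|Warning|ERROR)\]')),
]

# Fields extracted from an access_combined event (clientip, status, bytes, ...).
ACCESS_FIELDS = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<version>[^"]+)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"(?: "(?P<cookie>[^"]*)")?$')

def detect_sourcetype(line):
    """Return the first pretrained source type whose pattern matches, else None."""
    for name, pattern in RULES:
        if pattern.match(line):
            return name
    return None

def extract_access_fields(line):
    """Field extraction for access_combined / access_combined_wcookie events."""
    m = ACCESS_FIELDS.match(line)
    return {k: v for k, v in m.groupdict().items() if v is not None} if m else {}

# Constructed sample events, one per source type, in table order.
SAMPLES = [
    '203.0.113.7 - frank [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 '
    '"http://example.com/start" "Mozilla/5.0"',
    '203.0.113.7 - frank [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 '
    '"http://example.com/start" "Mozilla/5.0" "JSESSIONID=abc123"',
    '[Tue Oct 10 13:55:36.123456 2023] [core:error] [pid 1234] AH00124: Request exceeded the limit',
    'Oct 10 13:55:36 web01 systemd[1]: Started Daily apt download activities.',
    '2023-10-10 13:55:36,123 ERROR [main] com.example.App - Connection pool exhausted',
    '2023-10-10T13:55:36.123456Z 0 [ERROR] InnoDB: Unable to lock ./ibdata1 error: 11',
]
```

Calling `detect_sourcetype` on each entry of `SAMPLES` returns the six table names in order, and `extract_access_fields` yields the `cookie` field only for the `access_combined_wcookie` event.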