Hi,
I was wondering if it was possible to create a field within the source type that would show the event type.
Here is a record from my log:
2016-06-05T19:55:10,144 INFO LoadProperties:225 - LoadProperty - Initial fetch for properties is successful
I would like to have INFO (and other types, like ERROR, WARN etc) as their own field within the source type. How can I do this? I'm new to Splunk and am currently using Splunk Enterprise 6.4.
↧