Hi guys,
I installed the Splunk App for Unix and Linux and the Splunk Add-on for Unix and Linux.
I have a problem with the sourcetype = netstat. The fields of these events aren't automatically extracted.
If I search (in verbose mode): "**index=os sourcetype=netstat**" this is the result:
![alt text][1]
As you can see the fields: "Proto Recv-Q Send-Q LocalAddress ForeignAddress State" are not extracted.
Instead, if I search (in verbose mode): "**index=os sourcetype=iostat**", the result is fine:
![alt text][2]
Thanks
[1]: /storage/temp/188315-screen-shot-2017-03-14-at-175340.png
[2]: /storage/temp/188316-screen-shot-2017-03-14-at-175313.png