
Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras


Logging data

Before Splunk can capture any data, the data needs to be packaged at the source, which can be done in a number of different ways:

  • A Splunk logging library for Java, JavaScript, or .NET
  • Another agent, such as a JavaScript request library
  • The Java Apache HTTP client
  • And lastly, some other client packing data in JSON or raw formats

Before going further, let's review what the JSON format means. A couple of examples of key-value pairs in JSON format are shown here. The key is listed first, then a colon, and then the value of that key. Sequences of key-value pairs must be separated by commas:

{
    "time": 1519413100, // epoch time
    "host": "localhost",
    "source": "datasource",
    "sourcetype": "txt",
    "index": "main",
    "event": { "Hello world!" ...
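The following is an added example, not code from the book: a small Node.js function that packages one event into the JSON envelope shown above, using a serializer instead of string concatenation so that quotes or newlines in logged data cannot alter the envelope's keys. The function name `packageEvent` and the sample message are hypothetical; only the key names and sample metadata values come from the page.

```javascript
// Added example: package a log event in the JSON envelope shown above.
// Key names (time, host, source, sourcetype, index, event) come from the page;
// packageEvent and the sample message are hypothetical.

const META_KEYS = ["host", "source", "sourcetype", "index"];

function packageEvent(event, meta, when = new Date()) {
  // "time" is epoch seconds, as in the page's example (1519413100).
  const time = when instanceof Date ? Math.floor(when.getTime() / 1000) : when;
  if (!Number.isFinite(time) || time < 0) {
    throw new TypeError("time must be epoch seconds or a Date");
  }
  const envelope = { time };
  for (const key of META_KEYS) {
    const value = meta[key];
    if (typeof value !== "string" || value.length === 0) {
      throw new TypeError(`${key} must be a non-empty string`);
    }
    envelope[key] = value;
  }
  const isObject = event !== null && typeof event === "object";
  if (!(isObject || (typeof event === "string" && event.length > 0))) {
    throw new TypeError("event must be a non-empty string or an object");
  }
  envelope.event = event;
  // JSON.stringify escapes quotes and newlines in values, so logged data
  // cannot close the string early and add or override keys in the envelope.
  // It also emits no comments: the "// epoch time" note above is annotation,
  // not valid JSON.
  return JSON.stringify(envelope);
}

// Constructed sample: a message carrying quotes and a newline.
const SAMPLE_META = {
  host: "localhost",
  source: "datasource",
  sourcetype: "txt",
  index: "main",
};
const SAMPLE_MESSAGE = 'login failed for "bob", "index": "audit"\nsecond line';
const SAMPLE_JSON = packageEvent(SAMPLE_MESSAGE, SAMPLE_META, 1519413100);
```

Parsing `SAMPLE_JSON` back yields exactly six keys, with `index` still `"main"` and the whole message, quotes and newline included, inside `event`.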
