How do I get data into Splunk? What is a sourcetype? Does Splunk already know how to handle my data? What app do I use? What if all my data is syslog? If you are asking these questions, then this session is for you. After all, data quality is the foundation of becoming a data-driven organization. This session will walk through onboarding fundamentals. We will discuss the importance of a timestamp and what to do if your data may not have one. We will explain when to use an existing sourcetype and when to create a new one. We will review the process of examining an app from Splunkbase and determining what sourcetype the app expects. By the end of this session you will no longer use syslog as a sourcetype, but as a means of collecting data.
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1561.pdf?podcast=1577146233