Hi
I have one file with multiple JSON types in it.
What is the best way to get this data into Splunk.
I dont think i can use a universal forwarder as i cant specify the sourcetype as i is multiple.
Someone said use a heavy forward and do the work of splitting the data into different source types before i send it.
Is this the correct approach?
Thanks
Robert Lynch
↧