Adding DD-WRT Sourcetype
Sample Data Here I'm going to show you how to add a new source type into the Home Monitor App using dd-wrt as an example. I'm planning on building a Splunk Technology Add-on (TA) for the Home Monitor app so that these extractions can be used by other apps or in a distributed environment. First, let's take a look at the data. We can see here that the data is already in Name = Value pairs with some extra fields that we can extract using the interactive Splunk Extraction tool. 2016-01-10 14:59:57 Kernel.Warning 192.168.28.1 Jan 10 06:59:57 kernel: ACCEPT IN=vlan2 OUT=br0 MAC=78:54:2e:4e:13:c9:00:17:10:85:ab:92:08:00:45:00:00:8f SRC=218.15.145.194 DST=192.168.28.57 LEN=143 TOS=0x00 PREC=0x00 TTL=43 ID=4934 PROTO=UDP SPT=14392 DPT=19598 LEN=123 MARK=0xa000 2016-01-10 14:59:57 Kernel.Warning 192.168.28.1 Jan 10 06:59:57 kernel: ACCEPT IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1d:ba:67:d7:f2:08:00 SRC=192.168.28.11 DST=192.168.28.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2325
