Generic ZFS File data stream
This reference lists the configuration values that you can update in the
Configure Log Forwarder data stream window for the
Generic ZFS File data stream.
Configuration values that you can update
- The name that uniquely identifies the data stream to the Configuration Tool. If you want to add more data streams of the same type, you must first rename the last stream that you added.
- File Path
- A unique identifier that represents the data origin. The identifier must be the absolute path,
including the file name, of a log file that contains the relevant data.Tip: If you are gathering log data from a rolling z/OS® UNIX log, see Data collection from a rolling z/OS UNIX log for more information, including how to specify this file path value for a rolling log.
- Data Source Name
- The name that uniquely identifies the data source to subscribers. Tip: If you use the Auto-Qualify field in the subscriber configuration to fully qualify the data source name, this dataSourceName value is automatically updated with the fully qualified data source name. For more information about the values that you can select in the Auto-Qualify field, see Subscriber configuration.
- Data Source Type
- A value that the subscriber can use to uniquely identify the type and format of the streamed data.
- Time Format
- The format for the time in a generic data stream. This value is used to extract and parse the
time in each record. You can select a pre-defined time format from the drop list or select
Other to specify a time format if there is no matching one. For all the
supported symbols in the time format, refer to the Table 1 table.
Table 1. Support symbols Symbol Meaning Example G era AD yyyy year-of-era 2019 yy year-of-era 19 D day-of-year 189 MMMM month-of-year July MMM month-of-year Jul MM month-of-year 6 M month-of-year 6 dd day-of-month 1 d day-of-month 1 Q quarter-of-year 1; 01 YYYY week-based-year 2019 YY week-based-year 19 ww week-of-week-based-year 5 w week-of-week-based-year 5 W week-of-month 1; 01 EEEE day-of-week Tuesday EEE day-of-week Tue e localized day-of-week 1; 01 a am-pm-of-day AM; PM hh clock-hour-of-am-pm (1-12) 5 h clock-hour-of-am-pm (1-12) 5 kk clock-hour-of-am-pm (1-24) 05; 15 k clock-hour-of-am-pm (1-24) 5; 15 KK hour-of-am-pm (0-11) 9 K hour-of-am-pm (0-11) 9 HH hour-of-day (0-23) 5 H hour-of-day (0-23) 5 mm minute-of-hour 6 m minute-of-hour 6 ss second-of-min 2 s second-of-min 2 SSS fraction-of-sec 111 SSSSSS fraction-of-sec 111111 A milli-of-day 1234 n nano-of-second 987654321 N nano-of-day 1234000000 V time-zone ID America/Los_Angeles z time-zone name PST; -08:00; -08:30:00 Z zone-offset +0000; -0800; x zone-offset -08; -0830 X zone-offset Z; -08; -0830;
- Time Zone
- If the timestamp in the collected data does not include a time zone, this
value specifies a time zone to the target destination. Specify this value if the time zone is
different from the system time zone, which is defined in the Log Forwarder started task, as
described in Creating the Log Forwarder started task. The value must be in the format
plus_or_minusHHMM, where plus_or_minus represents the
-sign, HH represents two digits for the hour, and MM represents two digits for the minute.Examples:
If you want this time zone Specify this value Coordinated Universal Time (UTC) +0000 5 hours west of UTC -0500 8 hours east of UTC +0800
- Discovery Interval
- In the process of streaming data, the number of minutes that the Log Forwarder waits before it checks for
a new log file in the data stream.
The value must be an integer in the range 0 - 1440. A value of 0 specifies that the Log Forwarder only checks for a new log file once when the data gatherer is started. The default value is the value that is defined in the Log Forwarder properties, as described in LOG FORWARDER properties: Defining your Log Forwarder intervals.
- A value that specifies the encoding type of the ZFS File. For all the supported encoding types,
refer to the following list.
- Default platform encoding
The encoding type of the platform that runs the Log Forwarder component is used as the encoding type of the ZFS File.
- Default platform encoding
- Customized Data Source Type
- A specification of whether to customize the data source type for Splunk HEC. The default value is No, which represents that the subscriber uses the default data source type to identify the type and format of the streamed data. If the value is set to Yes, you need to specify the data source type for Splunk HEC in the following Data Source Type for Splunk HEC field.
- Data Source Type for Splunk HEC
- A value that the subscriber can use to uniquely identify the type and format of the streamed data. This field is available only when you set the value of Customized Data Source Type to Yes, choose to customize the data source type and the protocol is Splunk HEC with customized field support or Splunk HEC with customized field support secure. The default value is Data Source Type_KV. You can specify the value according to your needs.