https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132269#M36068 <P>Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.</P> Fri, 21 Nov 2014 18:51:31 GMT ChrisG 2014-11-21T18:51:31Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132266#M36065 <P>Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspection)? Something like:<BR /> <CODE>_internal<BR /> sourcetypes<BR /> splunkd<BR /> fields<BR /> per_user_thruput (description of value data)</CODE></P> <P>I have found and been given a few great examples as well as hacked up some splunk on splunk dashboards, but I would like to know what logs contain what so that we can build some additional auditing reports.</P> Mon, 28 Sep 2020 18:14:53 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132266#M36065 feickertmd 2020-09-28T18:14:53Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132267#M36066 <P>There is a topic in the Troubleshooting Manual that provides a summary of <A href="http://docs.splunk.com/Documentation/Splunk/6.2.0/Troubleshooting/WhatSplunklogsaboutitself">what Splunk Enterprise logs about itself</A>, with links to more detailed information when it is available. Is that the material you are looking for?</P> Fri, 21 Nov 2014 18:38:41 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132267#M36066 ChrisG 2014-11-21T18:38:41Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132268#M36067 <P>Close, but no cigar. It does tell me what logs it covers, but very little about what those logs contain or what their fields represent.</P> Fri, 21 Nov 2014 18:47:15 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132268#M36067 feickertmd 2014-11-21T18:47:15Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132269#M36068 <P>Got it. There is some additional information in the topics that follow the one I previously linked, including some field information, but there isn't any comprehensive reference to the log files and fields in the documentation.</P> Fri, 21 Nov 2014 18:51:31 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132269#M36068 ChrisG 2014-11-21T18:51:31Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132270#M36069 <P>Actually, with version 6.0 some of what you want exists as sample data models included in the Search app. Go to Settings / Data Models, and choose the Search app and you'll see this:</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/162i456D95365D5309F5/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Fri, 21 Nov 2014 21:13:57 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132270#M36069 halr9000 2014-11-21T21:13:57Z https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132271#M36070 <P>A thing of beauty!</P> Mon, 24 Nov 2014 14:07:24 GMT https://community.splunk.com/t5/Splunk-Search/Is-there-a-guide-or-map-to-understand-Splunk-s-internal-indexes/m-p/132271#M36070 feickertmd 2014-11-24T14:07:24Z