Knowledge Management

What do the summary index fields stand for?

chiangs
Explorer

Summary indexing produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviations. Here are some examples when averaging the number of bytes returned per client IP, as logged by apache (ie 'sistats avg(bytes) by clientip'):

  • psrsvd_ct_bytes
  • psrsvd_gc
  • psrsvd_nc_bytes
  • psrsvd_sm_bytes
  • psrsvd_ss_bytes
  • psrsvd_v
  • psrsvd_vt_bytes

Here are some more for a count (in my case not literally, but basically 'sichart count by clientip')

  • psrsvd_gc
  • psrsvd_v
Tags (1)
1 Solution

ryhluc01
Communicator

You should accept your own answer. So that this question displays as solved. This information was very helpful.

0 Karma

somesoni2
Revered Legend
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...