Solved: What are different between searching with index, s... - Splunk Community

Monitoring Splunk

Hi Experts,

Can someone explain to me what are different between searching with index, sourcetype and host? Which one give us performance better, in case we have only one host and one sourcetype? I am super confused about those concepts in Splunk. Is there any ways to check where data was transfer from by index in Splunk? Thank in advance!

1 Solution

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

View solution in original post

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

That's exactly what I am looking for, thank you @isoutamo

Get Updates on the Splunk Community!

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...