Solved: What are different between searching with index, s... - Splunk Community

Monitoring Splunk

Hi Experts,

Can someone explain to me what are different between searching with index, sourcetype and host? Which one give us performance better, in case we have only one host and one sourcetype? I am super confused about those concepts in Splunk. Is there any ways to check where data was transfer from by index in Splunk? Thank in advance!

1 Solution

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

View solution in original post

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

That's exactly what I am looking for, thank you @isoutamo

Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...