Hi Experts,
Can someone explain to me what the differences are between searching with index, sourcetype and host? Which one gives us better performance, in case we have only one host and one sourcetype? I am super confused about those concepts in Splunk. Is there any way to check where data was transferred from by index in Splunk? Thanks in advance!
Hi
I hope that the next links will help you:
- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields
- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching
r. Ismo
That's exactly what I am looking for, thank you @isoutamo