Solved: What are different between searching with index, s... - Splunk Community

Monitoring Splunk

Hi Experts,

Can someone explain to me what are different between searching with index, sourcetype and host? Which one give us performance better, in case we have only one host and one sourcetype? I am super confused about those concepts in Splunk. Is there any ways to check where data was transfer from by index in Splunk? Thank in advance!

1 Solution

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

View solution in original post

Solution

Hi

I hope that the next links will help you:

- https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Data/Aboutdefaultfields

- https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchTutorial/Startsearching

r. Ismo

That's exactly what I am looking for, thank you @isoutamo

Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...