Splunk data logs spreadsheet

New Member

I'm new to Splunk - and have been asked to create a spreadsheet that my global company can use to baseline our Proof of Concept (POC),
Specifically, how do you identify what you are forwarding e.g. if I wanted to identify specific machines what is the best approach identify the log type or the machine type?????? Would the below be the best approach????

And then add for example "firewall with IPS" Under "Security" ???
Or "Cisco switch" under "network"?

Security | Custom Applications | Networks | databases | Servers | Smartphones | Virtual Machines | Web Services | Sensors

Tags (1)
0 Karma


Knowing this level of data requires you to enhance the data with Splunk asset lookups. The simplest approach is to say:

|tstats count by sourcetype source host

This will give you a count by each piece of metadata, most of which clue you in to what the data is. For example, access_combined is a default standard for Apache Web logs. WinEventLog:Security is the Windows Security log. If you need to go deeper than that, you will have to tell Splunk (via lookup) what each host in the environment is, what it does, etc....

0 Karma
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...