Why ams I getting more sourcetypes under pivot, than I uploaded from search and reporting app?

New Member


I have uploaded only 3 different files into the search and reporting app. I went to pivot, I selected sourcetype as 'Split by Rows'. I am getting a lot of fields which include audittrail, kvstore, mongod, scheduler, splunkversion, splunk, splunkd_conf, etc. Why is that?



Labels (1)
Tags (1)
0 Karma

New Member

@richgalloway or any other, please help

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...