Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Where is the extracted_eventtype field in the duo_splunkapp created?

ww9rivers
Contributor
‎09-12-2024 08:20 PM

I see this "extracted_eventtype" field in many saved searches and dashboard inline searches. However, I cannot find where it is generated.

In the DUO events I do see "event_type" and "eventtype" fields. But not "extracted_eventtype". Dashboards with that field show "No results found.because that field is nowhere to be found in DUO events.

Any thoughts / pointers would be very much appreciated!

Labels (2)
0 Karma
Reply

dural_yyz
Motivator
‎09-13-2024 07:37 AM

Checking in other Answers it doesn't appear that "extracted_eventtype" is specific to DUO logs or app extractions.  Leads me to believe this is automagically generated at search time via Splunk default behavior.

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top